Rogue AV Scammers Span Cultural Divide

By Matthew Hines  |  Posted 2009-12-30

We often give attackers credit for their ingenuity when they're finding new ways to game people using social engineering, or more commonly when they've created some new form of malware threat to circumvent security defenses.

But one of the skills being shown off of late by some savvy scammers is their ability to understand the broad swath of humanity they seek to target with their work.

In short, while we may think of ourselves as vastly different for reasons of socio-political diversity, scammers are having fun finding ways to attempt to appeal to different groups of people by merely attaching the same attacks to multiple themes that will likely draw in very disparate crowds.

For instance, as noted by Webroot blogger Andrew Bryant in a new post, a recent string of rogue AV attacks that appear to have originated from the same source incorporate a breadth of icons ranging from Beyonce to Ron Paul to gain people's attention, and subsequently infect their machines when successful.

The specific set of threats highlighted by Bryant uses a phony YouTube video angle to deliver its code, often via hijacked social network accounts, but the range of audiences encompassed by the involved attacker's various marketing themes truly runs a broad gamut.

In another nod to the scammers' intelligence in tapping into the viral nature of technology and social strata, the attackers are using fake and hijacked Twitter accounts to dig deeper into specific crowds of people. Links to the fake AV attack are posted in accounts and hidden by URL shortening services to suck in unsuspecting targets.

"A lot of Twitter feeds posted links like these, all within a short amount of time," Bryant notes. "It's not clear exactly how the malware distributors accomplished this, but most of the Twitter user accounts appear to have been compromised."

In addition to Beyonce and Ron Paul, other social icons being incorporated in this run include those aimed at users of the World of Warcraft massively multiplayer online video game. From cover girl fan to libertarian to video game addict, that's a pretty good range of potential targets when you think about it.

Malware campaign marketing appears to have reached new levels of sophistication with this evidence of attackers channeling their content, the same content, at the same time, to so many different constituencies.

Like their legitimate brethren, it appears what they've figured out is that oftentimes people who feel they're very different behave in similar ways with just a bit of prodding.

And that a new sucker is still being born every minute.

Follow eWeek Security Watch on Twitter at: eWeekSecWatch.

Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to |
