News
Websense Security Labs’ alert
January 2010 by Websense
Websense Security Labs ThreatSeeker Network has been tracking the rise in spam messages on Facebook which link to a money making scam and have just issued an alert on this.
The latest ploy urges you to visit BINSSERVICESONLINE(dot)INFO which redirects the user to an online scam site similar to the one we published before Christmas (see blog Google Scam Kits). The site sells bogus ’working from home’ kits and as with many scams the bad guys are looking to harness information and credit card details. Using Facebook to distribute links that lead to the Google Scam kit is fairly new and is sure to trick some users into buying it.
We understand that a lot of users have received this message and it has quickly became a popular search string on Google. As we’ve seen in the past, criminal groups monitor search terms on popular search engines, such as Google, in order to help tailor their own malicious attacks. It wasn’t long before we started seeing Google search results for BINSSERVICESONLINE being used to lead people to rogue AV products too. In this case the popular search term is actually a scam being used by another criminal group, but this hasn’t stopped the second group from piggybacking the term anyway and poisoning the results.
NB: It is important to note that the two attacks are being operated by two separate groups of criminals. One group started the spam attacks on Facebook and another started manipulating Google results.
