Nowadays, the most prevalent infections belong to rogueware, which are those fake antivirus, antispyware or anti-anything that try to take the money from the users by making them pay to remove nonexistent threats. As we showed recently, they are making huge amounts of money.
They are usually installed on victim's computers using drive-by-download techniques, as well as using the typical social engineering stuff we see to distribute any kind of malware through spam. We see this kind of spam on a daily basis, some samples are the usual spam message with a link to a supposed greeting card, others come with a trojan downloader that if run will download & install the rogueware, anothers are links to websites with photos or videos that will ask you to install some fake codecs (rogueware) to see them:
But today we have found an even more smart way to fool users. At first I though it was the typical message flowing around to get valid e-mail addresses:
Once you click on the link it takes you this place:
When clicking on "Download" the user will find out that it was not as free as he could have thought:
Of course the rogueware is not free; in fact it is not at all, as you pay and obtain nothing in exchange. Taking a look at the URL, I've notice that it has the word "antivirus2" in it. Then I removed the "2" and that's what I've obtained:
Of course it belongs to a diiferent scam from the same guys.