Image for illustrative purposes. (Internet source)
The links above, camouflaged by Google's URL shortening service (goo.gl), "pass" through a series of redirect URLs before "responding" to a Ukrainian top-level domain name, then transfer towards an IP address associated with dishonesty-based rogue antivirus software - Kaspersky Lab researcher Nicolas Brulez wrote on the company's blog.
The victims 'landing' on the site with fake antivirus software will be prompted by this site to scan (scan) their computers. If they approve the scan, this site will ask if they want to remove threats from their computers. If users follow, they will begin downloading a 'ghost' security program called " Security Shield ."
The fake antivirus programs are spreading on the Internet with hundreds of variations. They target Windows users, often installed by exploiting vulnerabilities in computer software. Once installed, they 'numb' users who pay for a full version of the program. Many programs are completely ineffective in actually removing malware (malware) from the computer.
Ms. Del Harvey, head of the Trust and Safety group of Twitter, wrote on her Twitter account, " We are proceeding to remove malware links and reset passwords on compromised accounts ."
Sunbelt Software, a security firm now owned by GFI Software, has provided detailed instructions on how to remove the fake Security Shield antivirus program on one of its forums.