::Trend Micro Threat Resource Center::


18 February 2015

16 Million Mobile Devices Infected With Malware in 2014

A new report published by Alcatel-Lucent’s Motive Security Labs estimates that 16 million mobile devices were infected with malware in 2014.


The rate of mobile infections in 2014 was 0.68%, which represents a 25% increase compared to the previous year. According to the telecoms company, 16 million is a conservative estimate considering that its sensors don’t have complete coverage in regions like China and Russia.

“In mobile networks, Android devices have now caught up to Windows laptops as the primary workhorse of cybercrime. With one billion Android devices shipped in 2014, the platform is a favorite target of cybercriminals who can have lots of infection success without a lot of work,” Kevin McNamee, director of Alcatel-Lucent Motive Security Labs, wrote in a blog post. “Android is more exposed than rivals because of its open platform and by allowing users to download apps from third-party stores where apps are not always well vetted.”

The number of Android malware samples in Motive Security Labs’ database increased by 161% last year, reaching close to 1.2 million.

The company has pointed out that the sophistication of Android malware has also increased. Older variants used primitive command and control (C&C) mechanisms, they had hard-coded and inflexible configurations, and they were easy to detect. However, in 2014, malware authors started leveraging more advanced techniques and even integrated rootkit technologies, a trend demonstrated by threats such as NotCompatible and Koler.

According to the report, six of the top 20 mobile pieces of malware are from the spyware category. These types of threats are designed to track users’ location, calls, text messages, emails, and Web browsing.

As far as residential fixed broadband networks are concerned, infection rates increased last year, but mainly due to adware. High-level threat infections (bots, rootkits, banking Trojans) increased slightly in the second quarter of 2014, but then they dropped again to roughly 5%, the report shows.

Researchers have also pointed out that many consumers avoid shopping online to prevent their credit card information from being stolen by cybercriminals. However, the risks are even greater at brick-and-mortar stores where cash registers and point-of-sale (PoS) terminals can become infected with malware.

“Card information stolen from online retailers can only be used for online purchases. Online purchases typically need to be shipped to the address of the card owner, making them less usable to fraudsters,” reads the report. “Because the point-of-sale-based malware records all the information in the magnetic strip on the card, the data they collect can be used to make new physical cards. Criminals use these forged cards in stores to buy expensive items such as electronics, which can easily be sold for cash.”

16 August 2014

Robin Williams goodbye video used as lure in social media scams

Within 48 hours of the news surrounding the death of actor and comedian Robin Williams, scammers homed in on the public’s interest and grief. There is currently a scam campaign circulating on Facebook claiming to be a goodbye video recorded by the actor just before his death.

Fake BBC news site with fake Robin Williams goodbye video

There is no video. Users that click on the link to the supposed video are taken to a fake BBC News website. As with many social scams, users are required to perform actions before they can view the content. In this case, users are instructed to share the video on Facebook before watching.

 Facebook share dialog with fake comments and shares

If a user clicks on the “Share on Facebook” button, they are prompted with a share dialog box. This box misleads users into believing this page has received millions of comments and shares but, actually, scammers have leveraged Facebook Open Graph metadata as a trick.  


Scam site asks users to install fake Facebook media plugin

After sharing the link to their Facebook friends, users won’t be presented with a video. Instead, they’ll be asked to install an application on their computer or to fill out a survey. Scammers operating these sites use affiliate programs to earn money for the completion of surveys and file downloads.

Symantec has alerted Facebook about this scam campaign and they are taking steps to block the offending URLs.

Over the years, scammers have used both real and fake celebrity deaths as a way to convince users to click on links and perform actions. From Amy Winehouse and Paul Walker to the fake deaths of Miley Cyrus and Will Smith, scammers are opportunistic and always looking for ways to capitalize.
 
Before you click on a link a friend may have shared on social media, follow these best practices:
  • Be vigilant and skeptical when reading sensational stories on social media sites.
  • Don’t install applications or do surveys in order to view gated content. It's a trick to put money in the pockets of scammers, and it puts your computer or device at risk of malware.
  • Visit trusted news sources for information. Instead of clicking on random links online, go directly to your trusted news source.
  • Report suspicious content. Do your part by reporting these types of posts as spam.

26 September 2010

"Girl killed herself" Facebook scam returns

If the title of the "Girl killed herself, after her dad posted This to her Wall" Facebook page sounds somewhat familiar, it is because almost two months ago the very same sentence popped up on many a user's Wall, in connection with a supposed Trojan infection.

There must be something in the title that made a lot of impact, because here it is - trotted out for another scam.

The user sees it on a friend's Wall, follows the link to the page, where a warning about possible inappropriate content pops up. After getting it out of the way, another pop-up window appears, in which the user has to prove that he is human and not a bot:

Unfortunately for him, this simple test is there to hijack his clicks and use them to post the unfortunate message on his Wall, in order to spread the scam further.

In the end, the user is asked to participate in one of several surveys offered so that he is finally allowed to access the content he wanted to see. But, tough luck, the only thing that will actually happen if he does complete a survey is that the scammers will try to make him sign up to premium rate services.

I know it is sometimes difficult to resist the lure of an interesting caption, but you must learn that things like these are rarely (if ever) benign.

13 September 2010

How to Protect Yourself From the "Here You Have" Virus

A harmful new computer worm infested the computers of large companies and federal agencies through an e-mail attack Thursday, bringing down such major companies as Disney, NASA, Comcast and more.

The worm disguises itself as a benign e-mail message with the subject line "here you have," and replicates itself by tricking you into clicking a link in the e-mail message's body. Then it can disable anti-virus products stored on your computer and send copies of the original, dangerous message to all the contacts in your e-mail address book.

Once the virus infests a computer, it can also spread to the local network -- which can include home and office computers -- surreptitiously copying itself to the shared hard drives of machines.

The threat is rapidly spreading through the enormous quantity of e-mail messages it has generated, said Internet security companies Norton and McAfee Labs, which have detected that many e-mail servers have ground to a halt due to the sheer volume of wire-clogging spam. The Department of Homeland Security's Computer Emergency Readiness Team (US-CERT) even weighed in on the worm, with advice for users.

“US-CERT is in the process of collecting and analyzing samples of the malware and has developed and disseminated mitigation strategies,” spokeswoman Amy Kudwa said. “Basic cyber security practices and hygiene are essential to maintaining the security of networks and individual computers.”

US-CERT recommends that you take more caution with your e-mail than usual, advising not to click on links in unsolicited e-mails, to install anti-virus software and frequently update it, and to turn off an option on your computer that automatically downloads attachments.

Security experts from Norton advise additional, more extreme steps you can take, such as disabling network sharing and disconnecting infected computers from the local network. If you've already gotten a "here you have" e-mail, the company suggested blocking outbound traffic to the domains or IP addresses contained in the e-mail to prevent users from connecting to distribution sites to download.

But the easiest way to protect yourself from this and other viruses is the simplest: Make sure you're running an anti-virus program and make sure it's up to date. PCMag.com security analyst Neil J. Rubenking agreed, stressing the importance of your own actions in keeping you safe.

"People! DO NOT click links in e-mail messages from unknown people. DO NOT even click links in e-mail messages from your friend, since the real source of the message might be a virus. DO keep your computer protected with an antivirus or a security suite," he wrote in an entry on the Security Watch blog.

"That way if you click the wrong link in a fit of weakness, you'll still be protected from whatever new threat replaces 'here you have,'" he pointed out.

21 August 2010

Mass Drive-By Attack Used Web Widget

Attackers took a different spin on mass infection, and targeted hosting provider Network Solutions Inc.

A widespread Web attack discovered over the weekend that targeted Network Solutions Inc. customers' parked or "under construction" Web domains used a drive-by download attack more stubborn than the popular and more common mass SQL injection attacks.

The attack, which began with an infected widget on NSI's growsmartbusiness.com website for small businesses, led to a mass infection of NSI customers' reserved domains, according to researchers at Armorize who spotted the attack.

Users get infected merely by visiting a site with the infected widget. So far the researchers have seen the attack exploiting vulnerabilities in Internet Explorer. "They visit a page and end up with malware. There's absolutely no click and no user awareness of anything. They visit the page, the [exploit] attacks a vulnerability inside the browser and takes control of the browser," he says.

Then the attacker writes malicious code to the disk and executes it, he says. The researchers also found evidence of websites fully compromised by the attack, each with a Web "shell": basically a control panel the attackers install once they've fully compromised the site.

"This allows you to do anything you'd like to do, insert any content," he says.

The attackers behind the drive-by attack on NSI's domains appear to be out of Asia. The attack ultimately sends users to phishing sites, Huang says. Armorize actually first saw the attack in May, when researchers found it on the Boingboing.com parked domain. "We didn't realize then that the entire NSI parked domain was infected," Huang says.

Armorize's blog posts and demonstrations of the attacks are here.

25 July 2010

1.2 million infected by Eleonore exploits toolkit

AVG’s Web security research team has discovered a network of 1.2 million malware-infected computers controlled by cybercriminals who were using the Eleonore exploit toolkit – commercial attack software that enables cybercriminals to infect and monitor compromised PCs.

The two-month study by AVG Research examined 165 Eleonore toolkits in use by cybercriminals and concluded that those using the toolkit were achieving a 10 percent success rate in infecting the more than 12 million users visiting their compromised web pages.

All 165 domains experienced high volumes of traffic which the cybercriminals managed to compromise. The research was built using AVG LinkScanner product data, identifying URLs that the product blocked when it identified a threat.

“The accessibility and sophistication of easy-to-use cybercriminal toolkits proves that cyber gangs are raising the bar to monetize their criminal activities,” said Yuval Ben-Itzhak, senior vice president, AVG Technologies.

17 July 2010

Single Trojan Accounted For More Than 10 Percent Of Malware Infections In First Half 2010

Top two threats both exploit the Windows Autorun feature, BitDefender study says.

When something works, hackers keep doing it. And as a vehicle for delivering malware, Microsoft's Autorun.INF utility is still working just fine, according to researchers at BitDefender.

In a study issued earlier this week, BitDefender reported that the top two malware offenders during the first six months of 2010 -- Trojan.AutorunINF.Gen and Win32.Worm.Downadup.Gen -- both exploit Autorun.INF.

Trojan.AutorunINF.Gen alone accounted for 11 percent of all the malware infections detected by BitDefender in the first half, according to the report.

"The autorun technique is massively used by worm writers as an alternate method of spreading their creations via mapped network drives or removable media," BitDefender says.

Initially designed to simplify the installation of applications located on removable media, the Windows Autorun feature has been used on a large scale as a means of automatically executing malware as soon as an infected USB drive or an external storage device has been plugged in, the report states. Unlike legitimate autorun.inf files, those used by miscellaneous malware are usually obfuscated, the researchers say.

"Before the arrival of the second service pack for Vista, Windows-based operating systems would follow any autorun.inf file instructions and blindly execute any binary file the autorun file pointed to," the report says. "Because of the risk the users were exposed to, Microsoft subsequently deactivated the autorun feature for all the removable devices except for the drives of type DRIVE_CDROM."

MBR worms made a comeback in early 2010, with upgraded viral mechanisms, BitDefender states. Late January saw the emergence of Win32.Worm.Zimuse.A, a deadly combination of virus, rootkit, and worm.

Regionally, China and Russia are the world's top malware distributors, the report says. "During the last six months, China [31 percent] has been the most active country in terms of malware propagation, followed by the Russian Federation [22 percent]. Both countries are known for their lax legislation regarding cybercrime, as well as for the plethora of 'bulletproof hosting' companies," such as the Russian Business Network, which has been officially terminated but remains extremely active in practice, the researchers say.

PayPal remains the top phishing target in the world, acting as the subject for 53 percent of attacks, BitDefender says. PayPal's parent, eBay, finished second with 16 percent.

Spam continues to be a problem for most companies, according to BitDefender. Most spam messages are used to sell pharmaceuticals -- in fact, medicine-related spam jumped from 50 percent to 66 percent in the first half, according to the report.

While Web-borne malware remains strong, cybercriminals are moving more toward Web 2.0 exploits, focusing on social networks, such as Facebook and Twitter, while also expanding their attacks on instant messaging systems, the researchers say.

02 July 2010

10,000 XP machines attacked through 0-day flaw

The Windows Help and Support Center vulnerability, the details of which have recently been made public by researcher Tavis Ormandy, is being heavily exploited in the wild.

According to a recent post on Microsoft's Malware Protection Center Blog, public exploitation of the vulnerability started on June 15th, but those attacks were probably undertaken by other researchers, since they were targeted and rather limited.

After that, the attacks became more widespread, and the targets more numerous. Microsoft claims that as of yesterday, over 10,000 separate computers have reported witnessing this attack. Computers in Portugal and Russia have seen by far the highest concentration of attacks:

The attacks only increased with time. Microsoft started seeing "seemingly-automated, randomly-generated HTML and PHP pages hosting this exploit", and the goal of the attacks was to plant Trojans and viruses on the targeted system.

For those users who don't use Microsoft's security solutions with updated signatures for the detection of the exploit, the company advises implementing the workaround listed in the advisory.

27 June 2010

FIFA World Cup Soccer - Malware based attacks continue

Symantec and Message Labs continue to warn of malicious email, scams and websites, using the 2010 Soccer World Cup theme. Some of these continuing attacks are arriving in my own email, so please be careful:

FIFA World Cup Soccer - Malware based attacks continue
http://www.symantec.com/connect/blogs/fifa-world-cup-scams-continue-circulate

QUOTE: As reported in the June MessageLabs Intelligence Report, MessageLabs Intelligence is seeing a great variety of different threats relating to the upcoming FIFA World Cup. We’ve seen 419-style scams, including emails offering tickets to games; fake accommodation providers; offers of contracts to supply clothing and boots; offers of free mobile phones; scams looking for companies to provide additional electricity/power for the World Cup; and more. All designed to ultimately obtain the recipient’s personal details, and/or money by means of deception and fraud.

MessageLabs Intelligence has also seen fake World Cup tickets for sale on well known auction websites, or advertisements offering tickets, that in reality are unlikely to give the buyer access to any games. Moreover, we’ve seen a huge volume of spam that contains World Cup related content, but is actually not about the World Cup.

04 June 2010

Samsung smartphone shipped with malware-infected memory card

The latest mass-market product found to have shipped to customers with malware on board is the Samsung S8500 Wave phone, which runs the Samsung bada mobile platform.

The malicious file in question is slmvsrv.exe, and can be found on the 1GB microSD memory card contained in the smartphone. The malicious file is accompanied by an Autorun.inf file, which installs itself on any Windows PC that still has the autorun feature enabled.

According to Michael Oryl, he received a device for testing and after he found out that the card was infected, he did an online search for the file in question and unearthed two posts on some German forums that claim the same. He contacted Samsung, and they confirmed that the initial production run of the devices shipped to Germany was, indeed, infected.

"A PC that is infected with the malware will try to copy the program and associated autorun.inf file onto any memory card or USB memory drive that is inserted into the infected computer. The copied files will show the then-current date and time, which indicates that our memory card was infected in the first half of May, before the phone was shipped overseas to us," says Oryl.
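Added example (not from the original posts, nor from Samsung, BitDefender or Microsoft): a small Python audit for the autorun.inf vector described in the post above and in the 17 July 2010 BitDefender item, which notes that malicious autorun.inf files are usually obfuscated. The sample files, the 0.5 filler threshold and the function names are constructed for illustration.

```python
import os
import re

# [autorun] keys that make Windows start a program from the volume.
LAUNCH_KEYS = ("open", "shellexecute")
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$")
SECTION = re.compile(r"^\[([^\]]+)\]$")
KEYVAL = re.compile(r"^([A-Za-z\\ ]+?)\s*=\s*(.*)$")

# Constructed sample: what a plain installer disc might carry.
CONSTRUCTED_INSTALLER = """[autorun]
open=setup.exe
icon=setup.exe,0
label=Product Setup
"""

# Constructed sample: directives in mixed case, buried in filler comments.
# It reuses the file name from the post; it is not the file from the card.
CONSTRUCTED_OBFUSCATED = r"""
;kq3Jx9 zzPq 0xk2 lmnOP
[AutoRun]
;8sJq2 pLmx0 Qw
oPEn=slmvsrv.exe
;Zx91 kkLp 3mmQ
;pp02 LLaq x9
shell\open\Command=slmvsrv.exe
;qq7 Zm1 0pL
"""


def parse_autorun(text):
    """Return (sections, noise) for the text of an autorun.inf file.

    sections maps lower-cased section name -> {lower-cased key: value}.
    noise counts non-empty lines that are not a section header or a
    key=value directive inside a section (comments and filler).
    """
    sections, noise, current = {}, 0, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            current = sections.setdefault(header.group(1).lower(), {})
            continue
        pair = KEYVAL.match(line)
        if pair and current is not None:
            current[pair.group(1).strip().lower()] = pair.group(2).strip()
            continue
        noise += 1
    return sections, noise


def audit_autorun(text, removable=True):
    """List what the file would launch and why it deserves a closer look."""
    sections, noise = parse_autorun(text)
    total = sum(1 for line in text.splitlines() if line.strip())
    autorun = sections.get("autorun", {})
    targets = [(key, value) for key, value in autorun.items()
               if key in LAUNCH_KEYS or SHELL_CMD.match(key)]
    noise_ratio = noise / total if total else 0.0
    reasons = []
    if targets and removable:
        # Autorun was switched off for removable drives, so a launch
        # directive on a USB stick or memory card has no legitimate job.
        reasons.append("launch command on removable media")
    if targets and noise_ratio > 0.5:
        reasons.append("directives buried in filler lines")
    return {"targets": targets, "noise_ratio": noise_ratio, "reasons": reasons}


def scan_volume(root):
    """Audit <root>/autorun.inf (any letter case); None if there is none.

    'present' lists launch targets that exist in the volume's top-level
    directory; targets given with a sub-directory path are not resolved.
    """
    names = {name.lower(): name for name in os.listdir(root)}
    if "autorun.inf" not in names:
        return None
    path = os.path.join(root, names["autorun.inf"])
    with open(path, encoding="latin-1") as handle:
        report = audit_autorun(handle.read(), removable=True)
    first_tokens = {value.split()[0] for _, value in report["targets"]
                    if value.split()}
    report["present"] = sorted(t for t in first_tokens if t.lower() in names)
    return report


if __name__ == "__main__":
    print(audit_autorun(CONSTRUCTED_INSTALLER, removable=False))
    print(audit_autorun(CONSTRUCTED_OBFUSCATED))
```

Point `scan_volume` at the mount point of a card or USB stick on an analysis machine where autorun is disabled, and treat any non-empty `reasons` list as grounds to quarantine the media.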

24 May 2010

IBM accidentally includes on USB drive at AusCERT 2010

IBM accidentally distributed some infected USB sticks that contained a keylogger agent (which can infect via USB flash drives). IBM may have contracted production of these logo-branded drives to another manufacturer and may not even be responsible. The key point is that even media from highly reputable companies calls for AV protection at all times; users who were up to date on Microsoft security patches would also have been well protected. Accidents can always happen, in addition to direct attacks.

Conficker Worm - IBM accidentally includes on USB drive at AusCERT2010
http://www.itnews.com.au/News/175451,ibm-unleashes-virus-on-auscert-delegates.aspx
http://www.zdnet.com/blog/security/malware-infected-usb-drives-distributed-at-security-conference/1173

QUOTE: "At the AusCERT conference this week, you may have collected a complimentary USB key from the IBM booth," IBM Australia chief technologist Glenn Wightwick wrote in an email to delegates this afternoon. "Unfortunately we have discovered that some of these USB keys contained malware and we suspect that all USB keys may be affected."

IBM said in a statement that a "small number of IBM-branded USB sticks distributed to delegates at the recent AusCERT2010 conference were found to contain malware". "IBM has immediately contacted delegates with remedial advice, and regrets any inconvenience that may have been caused," an IBM spokesman said.

14 May 2010

Email Attack Targets HR Departments

The global recession has brought a shortage of jobs, but job seekers are not the only ones who are targeted by malicious emails and scams.

A targeted attack aimed at human resources departments and hiring managers in the U.S. and Europe was spotted this week -- and sent 250,000 emails during a four-hour period yesterday at the height of the assault.

TrendLabs has recently spotted an email spam campaign that contains just one line of text:

The Resume_document_589.zip file attached to the message is supposed to be the CV in question, but is actually a zipped-up malicious .exe file that drops a Trojan downloader into the victim's system.

The attack had morphed today, with a modified binary, and a different subject line and email message. The theme was the same, though: a prospective application with a CV attached. A CV campaign is still ongoing right now [as of 5:30 UK time], sending to hundreds of thousands of recipients.

Most users and especially HR managers wouldn't be fooled into opening the attachment, but for those who are not familiar with this type of spam, the curiosity might prove too much.

It is good to remember that unsolicited emails should be carefully analyzed - if you're not expecting such an email, and you don't recognize the sender's name or email address, it is best to pass up on opening attachments or following embedded links.

04 May 2010

Trojan disguised as a toolbar for Facebook

A Facebook toolbar is just what you need to make your sharing and connecting with friends easier, says an email supposedly coming from "Facebook.com":

If you decide to click on the download link, the downloaded file ("toolbar.exe") will present itself with an icon of a black ball with "darkSector" written on it. That should be enough to raise suspicion, and a look at the file properties should be in order:

Sure enough, the properties reveal a positive jumble of information that has no connection whatsoever to Facebook (HijackThis is a well-known piece of security software from Trend Micro).

But even if you wanted to download HijackThis, this isn't it. Symantec detects the file as a dropper Trojan and recommends that everyone take this simple step to check every file that looks suspicious for any reason and whose provenance you doubt. Oftentimes, the attackers won't even bother to properly disguise the file they are sending, or will do it badly.

28 April 2010

New Malware Scheme Targets IPad Owners

iPad owners and all-around Apple fans can take comfort in one fact today: the iPad isn't technically affected by a new problem. However, iPad owners who also own PCs running Windows have been targeted by a fresh scheme meant to create a backdoor and steal important info.

A statement provided by BitDefender warned that people are receiving emails telling them to update their iPad's software. A link then takes them to an authentic-looking site where they can download what's supposed to be an iTunes tweak, and the situation gets hairy.

BitDefender explained that things go downhill as "Backdoor.Bifrose.AADY . . . injects itself in to the explorer.exe process and opens up a backdoor that allows unauthorized access to and control over the affected system."

The explanation continued, "Moreover, Backdoor.Bifrose.AADY attempts to read the keys and serial numbers of the various software installed on the affected computer, while also logging the passwords to the victim's ICQ, Messenger, POP3 mail accounts, and protected storage."

Losing all of that information (along with control of one's computer) is perhaps not the nicest way to celebrate a new gadget purchase. iPad owners should try hard to keep their collective guard up.

16 April 2010

iPhone unlocking tricks get PCs into trouble

A malware-spreading mechanism targeting the “iPhone unlocking” fans goes to prove that cybercrime is never short of imagination. This is how the story goes: you receive an e-mail in which you find out that you might get your hands on a new version of an iPhone unlocking application which basically allows you to overcome vendor set network restrictions. All you have to do is click a link that will take you to the web page on which the technical wonder awaits you.

As you get further on into the maze of this scheme and actually click the link, you land on a web page which provides instructions to be followed in order to download the unlocking application:

First off, you are to connect the iPhone to the PC, then download “the new modified” application and run it on the iPhone. And that’s when the magic begins: once downloaded and run, the executable opens up the way for a nice Trojan to fester on your PC.

The “enhanced” version of the executable hides Trojan.BAT.AACL.

Identified by BitDefender as Trojan.BAT.AACL, this piece of malware comes as a Windows batch file packed alongside the iPhone jailbreaking application. The Trojan attempts to change the preferred DNS server address for several possible Internet connections on the users’ computers to 188.210.[REMOVED]. This allows the malware creators to intercept the victims’ calls to reach Internet sites and to redirect them to their own malware-laden versions of those sites.
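Added example (not from the original post or from BitDefender): since the Trojan rewrites the preferred DNS server on several connections, one defensive check is to compare every adapter's resolvers against the ones you expect. The sketch below parses English-language `ipconfig /all` output; the sample output, adapter names, addresses (documentation and private ranges) and allowlist are all constructed.

```python
import ipaddress
import re

# An adapter block starts with an unindented line ending in a colon.
ADAPTER = re.compile(r"^(\S.*):\s*$")
# First resolver sits on the labelled line; the rest follow on bare lines.
DNS_LINE = re.compile(r"^\s+DNS Servers[ .]*:\s*(\S+)\s*$")

# Constructed sample of `ipconfig /all` output (not captured from a real host).
CONSTRUCTED_IPCONFIG = """
Windows IP Configuration

   Host Name . . . . . . . . . . . . : WORKSTATION-01

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : corp.example
   IPv4 Address. . . . . . . . . . . : 10.20.0.57(Preferred)
   Default Gateway . . . . . . . . . : 10.20.0.1
   DNS Servers . . . . . . . . . . . : 10.20.0.10
                                       10.20.0.11
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   IPv4 Address. . . . . . . . . . . : 192.168.1.23(Preferred)
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       192.168.1.1
"""


def _as_ip(token):
    """Parse an address, dropping any IPv6 %scope suffix; None if not an IP."""
    try:
        return ipaddress.ip_address(token.split("%")[0])
    except ValueError:
        return None


def dns_servers_by_adapter(output):
    """Map each adapter name to the list of DNS servers configured on it."""
    adapters, current, in_dns = {}, None, False
    for line in output.splitlines():
        header = ADAPTER.match(line)
        if header:
            current, in_dns = header.group(1), False
            adapters[current] = []
            continue
        if current is None:
            continue
        first = DNS_LINE.match(line)
        if first:
            ip = _as_ip(first.group(1))
            if ip is not None:
                adapters[current].append(str(ip))
            in_dns = True
            continue
        if in_dns:
            # Continuation lines hold only an address; anything else
            # (a new label or a blank line) ends the resolver list.
            ip = _as_ip(line.strip())
            if ip is not None:
                adapters[current].append(str(ip))
            else:
                in_dns = False
    return adapters


def unexpected_resolvers(output, allowed):
    """Return (adapter, server) pairs whose server is outside `allowed`.

    `allowed` is a list of addresses or CIDR networks given as strings.
    """
    networks = [ipaddress.ip_network(item, strict=False) for item in allowed]
    findings = []
    for adapter, servers in dns_servers_by_adapter(output).items():
        for server in servers:
            ip = ipaddress.ip_address(server)
            if not any(ip in net for net in networks):
                findings.append((adapter, server))
    return findings


if __name__ == "__main__":
    # Constructed allowlist: corporate resolvers plus the home router.
    for adapter, server in unexpected_resolvers(
            CONSTRUCTED_IPCONFIG, ["10.20.0.0/24", "192.168.1.1"]):
        print(f"{adapter}: unexpected DNS server {server}")
```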

13 April 2010

President's death used for fake AV peddling

Scammers are taking advantage of the people's interest in the news of the tragic death of Poland's President Lech Kaczynski to peddle their fake AV software.

By poisoning search results, they are hoping to dupe as many users as possible. And even though Google is detecting and labeling many of the malicious links with the well known "This site may harm your computer" warning, there are always some that escape detection:

According to CA, the fake AV in question is named "CleanUp Antivirus", and presents the usual fake results that are aimed at making you think that your computer is a hotbed of viruses and Trojans.

As always, when searching for high profile news stories, it is best to stick to the well-known, legitimate news sites.

28 January 2010

Devious ransom trojan takes data hostage

Taking data hostage is not a new invention in the world of cybercrime but a trojan currently infecting computers does it in a way that can leave the victim unaware that he has been scammed.

Mikko Hypponen, CRO at F-Secure, says, “When the W32/DatCrypt trojan infects a computer, it makes it seem as if some files, such as Microsoft Office documents, video, music and image files have been “corrupted”, when the files have in fact been encrypted by DatCrypt. Next the trojan creates what looks like an authentic message from Windows, advising the user to download and execute the "recommended file repair software" called Data Doctor 2010.”

If this utility is downloaded and executed, the user receives a message that it can "only repair one file in unregistered version". In order to repair — or more accurately, decrypt — more files, the user has to buy the product for $89.95. After the money is paid, the software does return access to the files.

Mikko Hypponen continues, “This trojan works in a very devious way. The user is probably very relieved to get his files back and may not realize that he has just paid a ransom for his own files. The user may even recommend what seems like an excellent file recovery product to his friends. Similar ransomware tricks have also involved the File Fix Pro utility during the past year.”

These criminal schemes only work if the user has not backed up his important files elsewhere. F-Secure recommends that everyone backs up their important files regularly, either on removable media like CDs, DVDs or USB thumb drives, or with online resources.

12 January 2010

Spammers Target Brands To Spread Malware

Spammers continue to take advantage of the reputation of global brands such as UPS, DHL and Facebook to prompt opening of emails, according to a new report from Commtouch.

During the past quarter, cybercriminals focused on distributing the Mal-Bredo A virus, according to Commtouch's Threats Trend Report for Q4 2009. The number of variants decreased from 10,00 to 1,000 as compared to last quarter.

"As we review the Internet threats for this quarter, we can really see the creativity the cybercriminals use to ensure their messages are opened," said Asaf Greiner, Commtouch vice president, products.

"Whether we like it or not, their activities really demonstrate when society-wide activities - such as social media participation - reach critical mass. Essentially, if a spammer is using a specific brand to entice consumers to open their mail, it means that brand has achieved a strong, positive reputation."

Blended threats, including fake Swine Flu alerts and Halloween tricks, continued to circulate, while spammers introduced a few new ploys including MP3 spam and personal improvement spam targeting women.

Other highlights from the Q4 Trend Report include:

  • An average of 312,000 zombies were newly activated daily for the purpose of malicious activity.
  • Spam levels averaged 77% of all email traffic throughout the quarter, peaking at 98% in November and bottoming out at 68% at the end of December.
  • Sites in the "Computers & Technology" and "Search Engines & Portals" categories topped the list of Web categories manipulated by phishing schemes.
  • "Business" continued to be the Web site category most infected with malware for the third quarter in a row.
  • Pharmacy spam remained in the top spot with 81% of all spam messages; last quarter, it led with 68%. Replicas remained in the #2 spot, falling from 19% to 5.4%.
  • Brazil continues to produce the most zombies, responsible for 20.4% of global zombie activity.

03 January 2010

Adobe predicted to Surpass Microsoft As top Malware Target in 2010


Adobe Flash and Acrobat are popular standard tools for users. Any unpatched vulnerabilities provide wide targets for malware developers. It is essential to keep both of these products patched to ensure the best levels of safety. Users should also avoid any suspicious items presented to them in email or web browsing.

Adobe predicted to Surpass Microsoft As top Malware Target in 2010
http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=222100263

QUOTE: Adobe Reader and Flash will surpass Microsoft Office applications as favorite targets of cybercriminals, a security vendor predicted Tuesday. In unveiling its 2010 Threat Predictions report, McAfee said the growing popularity of the Adobe products has attracted the attention of cybercriminals, who have been increasingly targeting the applications. Adobe Reader and Flash are two of the most widely deployed applications in the world. As a result of Adobe's success in client software, McAfee Labs believes "Adobe product exploitation will likely surpass that of Microsoft Office applications in 2010."

McAfee Threats prediction 2010
http://www.mcafee.com/us/local_content/white_papers/7985rpt_labs_threat_predict_1209_v2.pdf

18 December 2009

There's No Such Thing as a Free Movie

Those looking to see the latest 3D blockbuster movie, The Avatar, on the cheap will have to take great care in what they search for. We have become aware of at least one site that has been rigged to redirect users to a page that presents the now-familiar "play video/need codec" screen. In an unusual twist, this time it is offering a new ActiveX update rather than the usual codec or Flash player updates.

Read on to see what new tricks these scammers have up their sleeves.