Work From Home, Make Big Bucks! (Or: Click This Link, Get Malware)

A website pretending to be the BBC could be awful for some users’ computers.

Few media outlets have the prestige of the BBC. Here in North America, the Beeb is associated with high-class, “Masterpiece Theatre” fare like “I, Claudius” and beloved programs like “Dr. Who.” Which could make the British broadcaster the perfect trap for unsuspecting web surfers looking to make some dough.

According to Help Net Security, scammers and malware writers have started making more fake websites in hopes of getting people to click on false links and get infected with a worm or malware. The news source said GFI Software’s Chris Boyd recently spotted a fake BBC website that shows users “how to earn over $10,000 per month by working from home.”

When clicking on the offer, victims are taken to a page that says “Java plug-in required” and asks them to wait while the page is loading. While this is happening, the fake plug-in, which is actually a Trojan, is loaded onto the user’s computer. The exploit kit will download several pieces of malware to the user’s computer, including versions of the Zeus, Sirefef and Fareit Trojans. So much for $10,000 a month.

“There are a number of different work from home URLs you can expect to be sent to and they all have comments closed (right after everybody said the work from home pack worked, which is of course handy for the site owner) while claiming that the ‘offer ends tomorrow,'” Boyd wrote on the GFI blog. “This is a rather nasty pack of malware, and it’s quite possible we may see more of these work from home sites dabbling in exploits – not a comforting thought when you can open up any random forum/website and have a halfway decent chance of seeing a ‘work from home, earn big money’ advert.”

Help Net Security points out that there was a similar attack launched from fake American Express websites, which asked people to verify their email account with their user ID and information. Users were taken to a page that asked them to wait while the website loaded malware onto their computer.

“This spam run is the latest in a long line of similar ones targeting a wide variety of users, and for the victims it usually ends up with information-stealing malware being installed on their computers,” the source said. “When receiving an unsolicited email with embedded links, it’s always best to ignore them and go to the service provider’s website directly by entering its web address into the browser.”

If you’ve got a layered security approach, you can protect yourself from some of these threats. Of course, smart browsing and clicking habits are invaluable. How do you try to stay clear of malicious websites like this? Are you ever tempted by offers that you know are too good to be true?

Kate Beckham
