IQ Quiz Invitation Scam Rolling on Yahoo

...Or how your lack of security could expose your contacts to risky content

Quizzes and surveys bring a big chunk of revenue cyber-crooks make on the account of unwary computer users. For about one year, rogue Facebook™ apps have helped them direct large amounts of traffic to survey websites, but they have also started to exploit instant messaging service users. Today we bring under the scope a spam bot that tries to lure contacts into taking a quiz for “research purposes” – a scam a twist, since it may add some hundred dollars to your phone bill.

The scenario is simple: an infected contact engages into a conversation with the victim, initially by greeting them. The screenshot below was taken during a conversation with one of my Romanian fellows who hardly know any English. Obviously replying with junk didn’t bother him too much, so the bot at the other end kept detailing on the purpose of the conversation.

Legit account used by a spam bot

A friend in need is a bot indeed.


Once the link is clicked, it will take the user to a website where a script ensures that you are indeed a victim and not someone who would like to pry into the system. For this reason, your user-agent, IP address and “invitecode” ID are checked. If any of these checks fail, you’ll get redirected to or you’ll be served an empty page rather than the malicious content.

If your background check stands, you’ll get redirected to a survey page where you are asked 11 questions and challenged to beat the IQ of 144. Of course, what you get is a random score between 110 and 138, along with the prize: a ringtone for your cell, which you have to claim by submitting your phone number and confirming the password you will receive.

Random quiz score

Since you scored higher than nobody, you are allowed to pay us 10 bucks for a ringtone – an offer too hard to pass.

Once you have confirmed your cell number, get ready to receive premium-rate MMS messages that will punch you a pretty large hole in your budget.

This is just one of the circumstances in which your lack of security could actually expose your contacts to scams and fraud. As always, ensure that you minimize risks by running an updated security solution such as those offered by BitDefender. Also, if you receive suspicious messages coming from your contacts, please make sure that you don’t click anything without having direct confirmation from the other contact that the link has been sent voluntarily.

Pay extra attention to the fact that some IM bots can engage in complex conversations, as they are instructed to provide answers based on keywords. For instance, they may react to keywords such as “scam”, “bot”, “virus” and “malware” with assuring sentences about the legitimacy of the message. Some others react to swear words, which make their illicit activity less suspicious to the victim.

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.

About the author


Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.