Social engineering trick leads to Rogue AV: MacroVirus

I was reading a blog about a Rogue AV then I noticed a suspicious comment on it:



It the user was recommending an antispyware program and gave us the following url:
www(dot)tinyurl(dot)com/qlft9c

Following the link, tinyurl does its magic and we are directed to:

hxxp://macrovirus(dot)com/?hop=starbasi



If we believe everything we see and hear, we'll be downloading and installing a scareware:



Here we can see that the bad guys are clearly taking advantage of the url shortening service from tinyurl.com.

Also, you might notice, there's a striking resemblance between the following:

bassey edet
and
hxxp://macrovirus(dot)com/?hop=starbasi

This is probably giving us a hint as to how the bad guys get paid.

If you got this scareware, remove it immediately.