GFI Software Sees Continued Rogue AV Threat in April

May 12, 2011 - 12:00

Royal Wedding, President Obama’s birth certificate, Easter holiday and Yuri Gagarin anniversary served as prime targets for malicious attacks

GFI Software announced the top 10 most prevalent malware threats for the April 2011. Notably, April saw a continued increase in the volume of detected malware, with 73,000 new variants of threats being released daily — a 26 percent increase over the same period last year. Also in April, online scammers and malware writers waged an increasingly aggressive campaign of rogue antivirus (AV) attacks exploiting several high-profile events, including the Royal Wedding, the Easter holiday, the anniversary of Yuri Gagarin becoming the first man in space, and the release of President Obama's long-form birth certificate.

“In addition to the increase in fake AV offerings, April saw a rise in high-profile security breaches. Both online marketing firm Epsilon and Sony’s PlayStation® Network had security breaches at the hands of hackers last month,” said Christopher Boyd, senior threat researcher at GFI Software. “For those affected by serious data breaches, it is of the utmost importance to maintain vigilance well after the initial chaos has ended.”

Internet-based scammers are using an array of techniques to infiltrate end-user computers. Popular methods include SEO poisoning attacks to hijack legitimate search results, such as searches for printable Easter cards and Royal Wedding coverage, as well as rogue AV applications and malicious websites that prompt users to install fake software on their PCs to view supposedly exclusive content.

The Royal Wedding also presented an additional challenge to consumers, businesses and Internet service providers. While most UK citizens watched the ceremony on TV at home, many viewers internationally turned to free online streaming offered by YouTube and news sites to watch live and on-demand coverage of the big event. Underscoring the need for a comprehensive web monitoring solution, popular streaming video poses a threat of SEO poisoning and other malicious attacks (through users being misdirected to malicious websites while searching for a video), while itself putting significant pressure on network bandwidth, resulting in slow data transfers and reduced productivity.

GFI warns users to be mindful of Internet searches for several high profile events during the month of May as well. These may include malware attacks surrounding the Indianapolis 500, Towel Day (celebrating the late author Douglas Adams) and college graduation season. Any of these events could be prime targets for SEO poisoning or phishing attacks, and users should also be wary of unsolicited emails or web offers.  

Top 10 Malware Detections for April
GFI’s top 10 malware list is compiled from collected scan data of tens of thousands of GFI VIPRE® Antivirus customers who are part of GFI’s ThreatNet™ automated threat tracking system. Consistent with the month of March, ThreatNet statistics revealed that seven of the top 10 malware threats in April were Trojans. Trojans detected as Trojan.Win32.Generic!BT (a generic detection that encompasses a broad array of Trojans) continue to be the number one threat, accounting for 20.73 percent of total malware detected this month.

Detection                                              Type                 Percent

Trojan.Win32.Generic!BT                        Trojan               20.73

Trojan-Spy.Win32.Zbot.gen                    Trojan               2.74

Zugo LTD (v)                                         Adware             2.54 (v)                    Trojan               2.27

Trojan.Win32.Generic.pak!cobra             Trojan               2.06

Trojan.Win32.Generic!SB.0                     Trojan               1.79

Trojan.Win32.FakeAv.awrp (v)                Trojan               1.28

INF.Autorun (v)                                      Trojan               1.27     

Worm.Win32.Downad.Gen (v)                Worm               1.24

Pinball Corporation (v)                           Adware             1.23

About GFI Labs
GFI Labs specializes in the discovery and analysis of dangerous vulnerabilities and malware that could be exploited for Internet and email attacks. The research team actively researches new malware outbreaks, creating and testing new threat definitions on a constant basis.

About GFI
GFI Software provides web and mail security, archiving, backup and fax, networking and security software and hosted IT solutions for small and medium-size businesses (SMBs) via an extensive global partner community. GFI products are available either as on-premise solutions, in the cloud or as a hybrid of both delivery models. With award-winning technology, a competitive pricing strategy, and a strong focus on the unique requirements of SMBs, GFI satisfies the IT needs of organizations on a global scale. The company has offices in the United States (North Carolina, California and Florida), UK (London and Dundee), Austria, Australia, Malta, Hong Kong, Philippines and Romania, which together support hundreds of thousands of installations worldwide. GFI is a channel-focused company with thousands of partners throughout the world and is also a Microsoft Gold Certified Partner.