GFI Labs Reports on Cybercriminals Exploiting Search Engine Ads and User Inexperience

November 10, 2011 - 12:00

Users urged to exercise caution as they begin searching for deals and planning their online holiday shopping

Following last week’s launch of GFI VIPRE® Antivirus 2012, GFI Software today announced its VIPRE Report, a compilation of the 10 most prevalent threat detections for the previous month. Noteworthy threats in October 2011 included the return of a rogue web browser, a phony hacking tool for Gmail account password recovery and malware disguised as advertisements on Yahoo and Bing.

“The threats uncovered in October again demonstrate how cybercriminals prey on users’ inexperience and carelessness,” said Christopher Boyd, senior threat researcher at GFI Software. “They count on users being too excited by an exclusive offer or too trusting of online advertisements to do their due diligence. Whether users are downloading software or inputting personal information online, they should always do everything they can to verify that they are visiting a legitimate website and not a well-crafted forgery.”

In a continuing series of threats first noted by GFI in September, rogue advertisements were discovered among Bing and Yahoo search results. Searches for Adobe Flash produced ads posing as official Adobe download pages. A cursory examination of the website URL would have alerted users that they had been redirected to a third-party webpage.

Meanwhile, fraudulent programs like the Gmail password recovery tool take advantage of users who do not diligently research solutions to their computer issues. Gmail account holders trying to recover their passwords are tricked into installing a Trojan and paying a fee. A simple web search uncovers a safe and official recovery method offered by Google for free.

GFI Labs also spotted several phishing and 419 scams last month, including a secret shopper con; the Facebook appearance of the “world’s richest man” promising to give away his fortune; a fraudulent security message from the Royal Bank of Canada; and a Twitter direct message sent to hijack users’ accounts.    

Holidays Breed Cybercrime
As the holiday season approaches, GFI urges online shoppers to be extra cautious when browsing and shopping online. Cyber Monday shopping grows in popularity each year, making bargain hunters a likely target for new malware and phishing campaigns as they browse the web at work and at home. In addition to remaining vigilant while online, GFI suggests that users protect themselves further by making sure that their antivirus software is always up to date.

Businesses should also prepare themselves. A recent study discovered that 40% of small and medium-sized businesses have experienced a security breach resulting from employees navigating to a website that hosted malware. GFI advises businesses to educate employees about increased online threats related to online shopping and to ensure that their network is secure. Last month, GFI released the latest version of GFI WebMonitor™, a web monitoring solution with new security and anti-malware features. GFI WebMonitor helps IT administrators defend their networks while enabling employees to be smarter, safer internet users.

The VIPRE Report – Top 10 Threat Detections for October 2011
GFI’s VIPRE Report is compiled from the collected scan data of tens of thousands of VIPRE Antivirus customers who are part of GFI’s ThreatNet™ automated threat tracking system. ThreatNet statistics revealed that Trojans continue to make up a large portion of the most prevalent threats, taking 4 of the top 10 spots. 

Yontoo (v) Adware (General)     Adware      1.77
INF.Autorun (v)                 Trojan      1.30
Worm.Win32.Downad.Gen (v)       Worm.W32    1.01
Trojan.Win32.Jpgiframe (v)      Trojan      0.98
Backdoor.Win32.Cycbot.cfg (v)   Backdoor    0.98
Pinball Corporation. (v)        Adware      0.88
Trojan-Spy.Win32.Zbot.gen       Trojan      0.84
(v)                             Virus.W32   0.84

About GFI Labs
GFI Labs specializes in the discovery and analysis of dangerous vulnerabilities and malware that could be exploited for Internet and email attacks. The research team actively researches new malware outbreaks, creating and testing new threat definitions on a constant basis.

About GFI
GFI Software provides web and mail security, archiving, backup and fax, networking and security software and hosted IT solutions for small and medium-size businesses (SMBs) via an extensive global partner community. GFI products are available either as on-premise solutions, in the cloud or as a hybrid of both delivery models. With award-winning technology, a competitive pricing strategy, and a strong focus on the unique requirements of SMBs, GFI satisfies the IT needs of organizations on a global scale. The company has offices in the United States (North Carolina, California and Florida), UK (London and Dundee), Austria, Australia, Malta, Hong Kong, Philippines and Romania, which together support hundreds of thousands of installations worldwide. GFI is a channel-focused company with thousands of partners throughout the world and is also a Microsoft Gold Certified Partner.