January 08, 2013 - 12:00
Users also encountered mobile malware hosted on fake Google Play app markets designed to closely mimic the real online storefront
GFI Software™ today released its VIPRE® Report for December 2012, a collection of the 10 most prevalent threat detections encountered last month. In December, GFI threat researchers found a handful of phony Google Play™ app markets hosting mobile Trojans as well as a number of spam email campaigns posing as messages from Amazon®, PayPal™ and LinkedIn®.
“Cybercriminals often make the effort to create phony websites and spam emails that appear authentic in order to increase the chances of catching users off guard and infecting their PCs,” said Christopher Boyd, senior threat researcher at GFI Software. “Over the past year, we have seen cybercriminals improve their ability to fabricate even more convincing sites that prey on users who rush into providing personally identifiable information or installing applications without completely investigating the legitimacy of the source. Users should be extra careful in every situation by taking the time to look at URLs and manually navigating to the sites that they want to visit.”
Android™ users searching for Windows drivers for their smartphones on Yahoo! encountered various types of infections from the same malicious URL last month, depending on the type of device they used to conduct their search. Users browsing from a PC initiated an automatic download of a Trojan when they clicked on the malicious link, while users searching from an Android device were redirected to a number of infected websites filled with bogus search results. These results led to fake Google Play app markets hosting two kinds of Android Trojans which, similar to the Boxer Trojan, hijacked the victim’s phone and sent out SMS messages to premium numbers.
LinkedIn users were the victims of an email spam campaign which sent messages indicating that another member had requested to connect on the popular social networking site. Users who clicked the link to accept the invitation were sent to one of several compromised websites containing Blackhole Exploit Kit code which redirected them to a site hosting the Cridex Trojan. Amazon customers were also victims of a similar campaign which sent emails disguised as order confirmations, receipts, or Kindle™ e-book order confirmations.
Last month, the same Trojan also infected the systems of spam victims who received fake PayPal emails fraudulently claiming that their sizable payment had been processed for a Windows® 8 operating system upgrade. Links contained in the email led to sites with Blackhole exploits serving Cridex. All of the scams above preyed on users’ belief that they were visiting authentic sites and required active participation by victims who needed to click on malicious links within the spam emails. Each could have been avoided by simply verifying that the email addresses used by the senders and the URLs that each link directed to were associated with trusted websites and organizations.
Top 10 Threat Detections for December
GFI’s top 10 threat detection list is compiled from collected scan data of tens of thousands of VIPRE Antivirus customers who are part of GFI’s ThreatNet™ automated threat tracking system. ThreatNet statistics revealed that adware dominated the month, taking four of the top 10 spots.
About GFI Labs
GFI Labs specializes in the discovery and analysis of dangerous vulnerabilities and malware. The team of dedicated security specialists actively researches new malware outbreaks, creating new threat definitions on a constant basis for the VIPRE home and business antivirus products.
GFI Software provides web and mail security, archiving and fax, networking and security software and hosted IT solutions for small to medium-sized businesses (SMB) via an extensive global partner community. GFI products are available either as on-premise solutions, in the cloud or as a hybrid of both delivery models. With award-winning technology, a competitive pricing strategy, and a strong focus on the unique requirements of SMBs, GFI satisfies the IT needs of organizations on a global scale. The company has offices in the United States, UK, Austria, Australia, Malta, Hong Kong, Philippines and Romania, which together support hundreds of thousands of installations worldwide. GFI is a channel-focused company with thousands of partners throughout the world and is also a Microsoft Gold ISV Partner.