February 14, 2013 - 12:00
Cybercriminals continue to leverage brand awareness of popular websites to fool victims into clicking malicious links and sharing personal account information
GFI Software™ today released its VIPRE® Report for January 2013, a collection of the 10 most prevalent threat detections encountered last month. In January, GFI threat researchers identified a number of social network-based cybercrime attacks, including phishing messages on Twitter® and Facebook, as well as malicious spam messages disguised as event invites on LinkedIn®.
“As the brands of popular social networking sites become more engrained in our culture, their value to cybercriminals looking for new ways to disguise their attack campaigns will only increase,” said Christopher Boyd, senior threat researcher at GFI Software. “More and more young people entering the workforce think of social networking as a standard part of everyday life. By focusing their efforts on these sites, cybercriminals can increase their chances of fooling a larger number of users to unknowingly download malware onto their PCs and mobile devices. As a result, these users end up providing social network account information that can be used to reach even more potential victims.”
A number of Twitter users found themselves targeted by a direct message phishing campaign in January. The messages claimed that the victims were being singled out by a Twitter account that was spreading “nasty blogs” about them. The links contained in the messages led to a site that mimicked the official Twitter login screen. Users who unwittingly entered their account information without first looking at the page URL were sent to a 404 error message and then redirected to the legitimate Twitter login screen in an effort to fool them into thinking that they had simply encountered a problem on the real site.
Facebook users were the targets of a similar spam message, this one claiming that the victims had violated the social network’s policies by “annoying or insulting” other users, and ordering them to reconfirm their accounts to avoid being banned from the site. Users who clicked on the link contained within the message were taken to a page explaining that they had to complete a “security check” by entering personally identifiable information and Facebook login credentials, as well as revealing which webmail service was linked with their Facebook accounts. Finally, each user was prompted to enter the first six digits of their credit card, regardless of whether or not they had purchased Facebook credits in the past. After entering the first six digits, victims were required to provide the rest of the card number in order to “verify” their account. The hijacked accounts were then used to send the same phishing message to the victims’ lists of Facebook friends.
Elsewhere, on the popular professional networking site LinkedIn, members who identified themselves as business owners received spam emails notifying them that an employee had sent them an event invitation. Clicking on the links in the email directed the victims to malicious sites containing malware that exploited unpatched vulnerabilities on their systems. Users who did not click on the malicious links or who kept their third-party software up to date were less at risk of infection.
Top 10 Threat Detections for January
GFI’s top 10 threat detection list is compiled from collected scan data of tens of thousands of VIPRE Antivirus customers who are part of GFI’s ThreatNet™ automated threat tracking system. ThreatNet statistics revealed that Trojans and Adware dominated the top 10 during the month, accounting for a total of seven of the top 10 detections.
About GFI Labs
GFI Labs specializes in the discovery and analysis of dangerous vulnerabilities and malware. The team of dedicated security specialists actively researches new malware outbreaks, creating new threat definitions on a constant basis for the VIPRE home and business antivirus products.
GFI Software provides web and mail security, archiving and fax, networking and security software and hosted IT solutions for small to medium-sized businesses (SMB) via an extensive global partner community. GFI products are available either as on-premise solutions, in the cloud or as a hybrid of both delivery models. With award-winning technology, a competitive pricing strategy, and a strong focus on the unique requirements of SMBs, GFI satisfies the IT needs of organizations on a global scale. The company has offices in the United States, United Kingdom, Austria, Australia, Malta, Hong Kong, Philippines and Romania, which together support hundreds of thousands of installations worldwide. GFI is a channel-focused company with thousands of partners throughout the world and is also a Microsoft Gold ISV Partner.