GFI Labs Discovers Cybercriminals Stealing From Each Other and Unleashing a New Spin on Bogus Antivirus

August 05, 2011 - 12:00

GFI Software today announced the top 10 most prevalent threat detections for July 2011. Highlights included a malware-laden “autowhaler” application unleashed to infect cybercriminals stealing from phishers, while a fresh take on rogue antivirus offers up a fake codec suite for sale after it disables users’ video players.

“The fake autowhaler, rogue codec suite and other threats we uncovered in July underscore the growing sophistication and creativity of malware authors, and the continued evolution of cybercrime tactics,” said Christopher Boyd, senior threat researcher, GFI Software. “The autowhaler is especially telling because it demonstrates that even cybercriminals are not safe from infection on the Internet. If you are online, you are a target. Users need to remain vigilant because malware writers are constantly finding new ways to camouflage their scams.”

The exploitation of high-profile news, events and products through SEO poisoning, malicious URLs and spam attacks remains a popular disguise. For example, GFI investigated malware masquerading as the popular and widely adopted Skype© communications service and Adobe® Flash® Player browser plug-in. GFI also reported on how spam and malware can compromise users visiting legitimate websites like SourceForge, where a number of pages had been linking to a site distributing the rogue antivirus FakeRean.

Internet users should continue to be wary of any unsolicited pop-ups, emails, texts or messages delivered via social networking sites asking them to submit personal information or alerting them to problems with their PCs. If there is any doubt as to where a message originates or what information it requests—even if it looks legitimate—Boyd suggests that users not respond or click on any links.

“If you do get a message that appears to be from a bank, retailer or vendor you do business with, but they are asking for personal information, passwords or account numbers, don’t respond,” added Boyd. “If it’s something that users feel requires a response or further investigation, they should contact the purported sender through a known and trusted phone number to verify if the request is legitimate.”

This month, GFI warns users to be cautious of likely search term targets for scammers, such as team and player news for the upcoming NFL season and rumors surrounding the next iPhone. Users should tread lightly and avoid downloading anything unless it is from a verified source. GFI Software also advises users to frequently check that their antivirus software is up to date. For users who become infected with rogue antivirus, the company tracks the latest variants on its Malware Protection Center blog. There, users can find more information, screenshots and removal tips.

Top 10 Threat Detections for July
GFI’s top 10 threat detection list is compiled from collected scan data of tens of thousands of GFI VIPRE® Antivirus customers who are part of GFI’s ThreatNet™ automated threat tracking system. ThreatNet statistics revealed that half of the top 10 threat detections found during July 2011 continue to be Trojans, mostly detected in generic form.

Detection                      Type       Percent
Trojan.Win32.Generic           Trojan     27.77
INF.Autorun (v)                Trojan     1.43
Trojan.Win32.Adware            Adware     1.42
Trojan.Win32.Jpgiframe (v)     Trojan     1.24
Trojan.JS.Redirector.cd (v)    Trojan     1.18
Exploit.PDF-JS.Gen (v)         Exploit    1.15
Worm.Win32.Downad.Gen (v)      Worm.W32   1.15
Yontoo (v)                     Adware     1.12
Pinball Corporation. (v)       Adware     1.01
Trojan-Spy.Win32.Zbot.gen      Trojan     0.94

About GFI Labs
GFI Labs specializes in the discovery and analysis of dangerous vulnerabilities and malware that could be exploited for Internet and email attacks. The research team actively researches new malware outbreaks, creating and testing new threat definitions on a constant basis.

About GFI
GFI Software provides web and mail security, archiving, backup and fax, networking and security software and hosted IT solutions for small and medium-size businesses (SMBs) via an extensive global partner community. GFI products are available either as on-premise solutions, in the cloud or as a hybrid of both delivery models. With award-winning technology, a competitive pricing strategy, and a strong focus on the unique requirements of SMBs, GFI satisfies the IT needs of organizations on a global scale. The company has offices in the United States (North Carolina, California and Florida), UK (London and Dundee), Austria, Australia, Malta, Hong Kong, Philippines and Romania, which together support hundreds of thousands of installations worldwide. GFI is a channel-focused company with thousands of partners throughout the world and is also a Microsoft Gold Certified Partner.