GFI Labs Warns of Cybercriminals Impersonating Government Agencies and Exploiting High-Profile Events

September 07, 2011 - 12:00

The developer of GFI VIPRE® Antivirus reports on top threats for August

GFI Software today announced its top 10 most prevalent threat detections for August 2011. Notable threats last month included spam and poisoned search engine results targeting fans of Harry Potter, Trojans posing as electronic traffic tickets from the New York State Department of Motor Vehicles, and phishing emails disguised as official notices from the Department of Defense.

“Last month, we saw scammers out in full force,” said Christopher Boyd, senior threat researcher at GFI Software. “They tried to exploit the incredible public interest in the launch of the Harry Potter fan site Pottermore, and they concocted fresh schemes to impersonate government agencies in order to defraud the public. In many cases, cybercriminals are recycling the same tactics. That underscores how much work still needs to be done to educate the public, but it also helps the security community anticipate new threats.”

This month, GFI urges users to be on guard as the 10th anniversary of the terrorist attacks of Sept. 11 approaches. Users should be skeptical and avoid clicking on links and videos circulating through social networks and email. They should diligently confirm the validity of any requests they receive for financial assistance to victims, their families, first responders and memorials.

Additionally, GFI warns parents to do what they can to protect children online as they head back to school. In its 2011 Parent-Teen Internet Safety Report released this summer, GFI found that 33% of parents are unsure of whether or not their teen’s school teaches safe Internet practices, while 24% of teens indicate that either their schools do not provide such training, or they are unsure of whether or not it is available. Furthermore, 89% of parents say they have antivirus software installed on their computers. However, only 28% of these say they update their virus definitions daily, and 24% are not sure if they are updating these definitions at all, leaving them open to any number of malware attacks that users encounter daily. GFI Software advises parents to frequently check that their antivirus software is up to date.  

Malware writers are also trying to cash in on the growing awareness and potential confusion among the general public on the latest technology trends, like cloud computing. GFI recently posted a warning about OpenCloud Antivirus, a fake antivirus program that scares infected users into purchasing software to clean phony scan results. For users who become infected with rogue antivirus programs, GFI tracks the latest variants on its Malware Protection Center blog. There, users can find more information, screen shots and removal tips.

Finally, the FBI recently issued a warning against fraudulent charity organizations soliciting donations for victims of Hurricane Irene, a tactic that cyber scammers continue to employ in the wake of natural disasters. Earlier this year, GFI Labs illustrated how scammers exploited the Japanese earthquake and tsunami through email, Twitter, Facebook, YouTube and SEO poisoning. GFI recommends that users always remain wary of unsolicited emails claiming to help those affected by natural disasters, and only donate to relief funds through trusted, legitimate organizations.

Top 10 Threat Detections for August
GFI’s top 10 threat detection list is compiled from collected scan data of tens of thousands of GFI VIPRE® Antivirus customers who are part of GFI’s ThreatNet™ automated threat tracking system.  ThreatNet statistics revealed that Trojans still dominated the month, making up 5 of the top 10 detections.

DetectionTypePercent
Trojan.Win32.GenericTrojan31.28
Trojan.JS.Obfuscator.w (v)Trojan2.96
Backdoor.Win32.Cycbot.cfg (v)Backdoor2.30
Yontoo (v)Adware (General)1.47
FraudTool.Win32.FakeReanRogue AV1.35
Trojan.Win32.AdwareAdware (General)1.32
INF.Autorun (v)Trojan1.25
Trojan.Win32.Jpgiframe (v)Trojan1.05
Pinball Corporation. (v)Adware (General)1.04
Trojan.JS.Redirector.cd (v)Trojan1.03

 

About GFI Labs
GFI Labs specializes in the discovery and analysis of dangerous vulnerabilities and malware that could be exploited for Internet and email attacks. The research team actively researches new malware outbreaks, creating and testing new threat definitions for GFI VIPRE® Antivirus.

About GFI
GFI Software provides web and mail security, archiving, backup and fax, networking and security software and hosted IT solutions for small and medium-size businesses (SMBs) via an extensive global partner community. GFI products are available either as on-premise solutions, in the cloud or as a hybrid of both delivery models. With award-winning technology, a competitive pricing strategy, and a strong focus on the unique requirements of SMBs, GFI satisfies the IT needs of organizations on a global scale. The company has offices in the United States (North Carolina, California and Florida), UK (London and Dundee), Austria, Australia, Malta, Hong Kong, Philippines and Romania, which together support hundreds of thousands of installations worldwide. GFI is a channel-focused company with thousands of partners throughout the world and is also a Microsoft Gold Certified Partner.