Cybercriminals Kick Off Holiday Season by Spreading Malware and Phishing Attacks

December 07, 2011 - 12:00

GFI Labs identified numerous scams last month, including cybercriminals posing as the federal government to exploit food stamp recipients

GFI Software today released its VIPRE® Report, a compilation of the 10 most prevalent threat detections for the previous month. Noteworthy threats in November 2011 included a new Facebook worm; the return of PDF-based malware posing as the U.S. Postal Service; Bank of America and SunTrust Bank phishing scams; and a phony food stamp website.

“Staying vigilant online—especially during the holiday shopping season—is key to not falling victim to scams or infecting a PC by clicking on malicious links or files,” said Christopher Boyd, senior threat researcher for GFI Software. “When in doubt, users should take a page from Santa’s playbook by ‘checking it twice.’ Never open attachments or provide information in response to unsolicited emails, and always remember that a bank will never ask for sensitive information via email.” 

In the days leading up to Thanksgiving in the United States, GFI Labs detected an increase in bank-related phishing. Users received emails purporting to originate from SunTrust Bank and Bank of America. Both scams were unique in that they contained an HTML attachment that was actually a form asking for banking login information and even driver’s license numbers. Users who doubt the authenticity of an email communication from their bank should call the phone number shown on the back of their debit or credit card to verify.

PDF-based malware made a return in November. This type of attack is not new, but the time of year makes this one particularly effective. Users receive emails from what appears to be the U.S. Postal Service, informing them that they have a package that cannot be delivered due to insufficient address information. The attached PDF appears to be a shipping label, which users are instructed to print. When the file is opened, a variant of FakeSysDef, a rogue malware, is installed.

Targeting the Most Vulnerable
“Underscoring that anyone can be a target of cybercrime and that it’s not just big enterprises and banks that are at risk, last month we found scammers targeting people with limited financial resources,” said Jovi Umawing, threat researcher for GFI Software. “A fraudulent food stamps website was set up to misappropriate the cell phone numbers of those supported by the program. Thinking they were responding to an official request from the government, victims provided their cell phone numbers, which were automatically enrolled in a premium SMS service, placing unauthorized and unwanted charges on their phone bills.”

The VIPRE Report – Top 10 Threat Detections for November 2011
GFI’s VIPRE Report is compiled from the collected scan data of tens of thousands of VIPRE Antivirus customers who are part of GFI’s ThreatNet™ automated threat tracking system. ThreatNet statistics revealed that Trojans continue to make up a large portion of the most prevalent threats, taking 4 of the top 10 spots. 

Detection                     Type                      Percent
Trojan.Win32.Generic          Trojan                    35.96
Yontoo (v) Adware             Adware                    1.81
INF.Autorun (v)               Trojan                    1.36
Worm.Win32.Downad.Gen (v)     Worm.W32                  1.04
Trojan.Win32.Adware           Adware                    0.96
FraudTool.Win32.FakeRean      Rogue Security Program    0.96
Trojan.Win32.Ramnit.c         Trojan                    0.94
Virus.Win32.Sality.at (v)     Virus.W32                 0.86
Trojan.Win32.jpgiframe (v)    Trojan                    0.84
Exploit.PDF-JS.Gen (v)        Exploit                   0.82

About GFI Labs
GFI Labs specializes in the discovery and analysis of dangerous vulnerabilities and malware that could be exploited for Internet and email attacks. The research team actively researches new malware outbreaks, creating and testing new threat definitions on a constant basis.

About GFI
GFI Software provides web and mail security, archiving, backup and fax, networking and security software and hosted IT solutions for small and medium-size businesses (SMBs) via an extensive global partner community. GFI products are available either as on-premise solutions, in the cloud or as a hybrid of both delivery models. With award-winning technology, a competitive pricing strategy, and a strong focus on the unique requirements of SMBs, GFI satisfies the IT needs of organizations on a global scale. The company has offices in the United States (North Carolina, California and Florida), UK (London and Dundee), Austria, Australia, Malta, Hong Kong, Philippines and Romania, which together support hundreds of thousands of installations worldwide. GFI is a channel-focused company with thousands of partners throughout the world and is also a Microsoft Gold Certified Partner.