Cybercriminals Cast a Wide Net in January, Targeting a Broad Range of Victims

February 08, 2012 - 12:00

GFI® Software finds cybercriminals tailoring tactics for maximum appeal and effectiveness

GFI Software today released its VIPRE® Report for January 2012, a collection of the 10 most prevalent threat detections encountered during the month. Last month saw malware attacks targeting a wide range of potential victims, including gamers looking for a Pro Evolution Soccer 2012 game crack, small business owners concerned about the reputation of their business, and government organizations receiving spoofed messages from the United States Computer Emergency Readiness Team(US-CERT).

“Anyone who goes on the internet is a potential target for cybercriminals looking to infect systems and scam users,” said Chris Boyd, senior threat researcher at GFI Software. “Malware writers and phishers do not discriminate. They purposefully cast a wide net when picking their methods of attack in order to reach as many targets as possible. Whether you are a young gamer, a successful business owner or a government employee, you need to be wary when clicking on links that appear to pertain to your interests, especially when asked to submit personal information online.”

In addition to malware writers installing rootkits on the systems of gamers who were looking for a pirated release of Pro Evolution Soccer 2012, developed by Konami Digital Entertainment, Inc., scammers also latched onto the buzz surrounding the upcoming fourth installment of the Halo® video game series, developed by 343 Industries, by offering bogus beta invites in return for filling out surveys and recommending links on Facebook and Google+. These attacks leverage the popularity of these titles among the gaming community and are meant to take advantage of the mistakes some users might make when acting out of excitement about a favorite game franchise.

January also brought phishing emails posing as notices from the Better Business Bureau, claiming that a customer had filed a complaint against the recipient. The messages contained  links to malware created using the Blackhole exploit kit. Government body US-CERT served as another disguise for cybercriminals attempting to bait unwitting victims into opening a file that contained a variant of the Zeus/Zbot Trojan. Meanwhile, Tumblr users were baited with “free Southwest Airlines tickets” in exchange for taking surveys and submitting personal information by a phony “Tumblr Staff Blog.”  

Malware writers and internet scammers also sought to attack a wider cross-section of the population when opportunities presented themselves to creatively piggyback on hot news topics and highly trafficked websites. This past month, the shutdown of popular file hosting website Megaupload led to a domain typo scam targeting both the regular users of the website as well as visitors who were interested in seeing the FBI notice posted on the site. Once the victims reached the misspelled URL, they were redirected to various sites promising fake prizes and asking for personal information.

“While cybercriminals may not be picky about their choice of victims, their choice of tactics is anything but haphazard,” continued Boyd. “Cybercrime campaigns are designed to cripple systems and steal personal information, but first they have to reach the victim. Once they know the profile of the group they want to attack, they will do anything they can to increase their chances of success and fool users into playing along.”

Top 10 Threat Detections for January
GFI’s top 10 threat detection list is compiled from collected scan data of tens of thousands of GFI VIPRE Antivirus customers who are part of GFI’s ThreatNet™ automated threat tracking system. ThreatNet statistics revealed that Trojans continue to be the most pervasive threat, taking half of the top spots for January.

Top 10 descriptions

About GFI Labs
GFI Labs specializes in the discovery and analysis of dangerous vulnerabilities and malware that could be exploited for Internet and email attacks. The research team actively researches new malware outbreaks, creating and testing new threat definitions on a constant basis for the VIPRE home and business antivirus products.

About GFI
GFI Software provides web and mail security, archiving and fax, networking and security software and hosted IT solutions for small to medium-sized businesses (SMB) via an extensive global partner community. GFI products are available either as on-premise solutions, in the cloud or as a hybrid of both delivery models. With award-winning technology, a competitive pricing strategy, and a strong focus on the unique requirements of SMBs, GFI satisfies the IT needs of organizations on a global scale. The company has offices in the United States, UK, Austria, Australia, Malta, Hong Kong, Philippines and Romania, which together support hundreds of thousands of installations worldwide. GFI is a channel-focused company with thousands of partners throughout the world and is also a Microsoft Gold ISV Partner.