GFI Labs Observes Cybercriminals Exploiting High-Profile Brands to Capture Victims’ Attention

January 02, 2013 - 12:00

GFI® Software urges users to question any unsolicited offers regardless of where they appear to originate

GFI Software today released its VIPRE® Report for March 2012, a collection of the 10 most prevalent threat detections encountered last month. GFI Labs also documented several spam attacks and malware-laden email campaigns infiltrating users’ systems under the guise of communications from well-known companies and promotions for popular products and services.  GoogleTM, LinkedIn®, SkypeTM and the video game Mass EffectTM 3 were among the brands exploited by cybercriminals.

“Taking advantage of the notoriety of companies, celebrities and major events is a tactic cybercriminals continue to use because it works,” said Christopher Boyd, senior threat researcher at GFI Software. “They know that Internet users are bombarded with countless emails every day, and these scammers prey on our curiosity and our reflex-like tendency to click on links and open emails that look like they’re coming from a company we know and trust.”

Google served as the hook for two particularly nasty scams uncovered by GFI in March. One SEO poisoning attack told users that “Google systems” had detected malware on their computer and directed them to download a rogue antivirus program. Meanwhile, spammers inundated mailboxes with messages containing fake announcements for “Google Pharmacy,” a phony service touted as a “pharmaceutical interface for Google.” The body of the email included a single image rather than text in order to circumvent spam filters. Victims who visited the URL contained in the image spam were directed to Pharmacy Express, a site linked to spam attacks since 2004.

Users of popular social networking site LinkedIn received fake invitation reminders redirecting them to a BlackHole exploit and infected their machines with Cridex, a Trojan that has targeted banks, social networks and CAPTCHA tests. Other cybercriminals targeted Skype users with a spam campaign claiming to offer free Skype Credit, but instead directed users to a compromised site hosting malicious Java exploits. Meanwhile, messages claiming to come from the U.S. Securities and Exchange Commissionwarned business recipients that a complaint had been filed against their company and would result in an investigation if not handled within 28 days. Users who were frightened into clicking on the nonexistent “complaint details” were directed to a page containing a Blackhole exploit kit targeting vulnerabilities in Adobe® and Microsoft® products.

Finally, March has been awash with scams and cybercrime efforts revolving around the launch of Mass Effect 3, one of the most eagerly awaited games of the year. GFI Labs warned of users being duped with fake alternative ending downloads for the game, taking advantage of the well-publicized intention of the game's maker to clarify the ending, which has been broadly discussed online. The fake downloads eventually lead the user to fake surveys and other affiliate marketing scams.

“If something seems off, users should trust their instincts and investigate further,” continued Boyd. “The important thing for everyone to remember is that the Internet provides us with the ability to easily double check every link or attachment that we come across with a simple web search. Pay attention to details such as link URLs, and scrutinize where they are directing you if there is any doubt. This may sound like common sense, but having this mindset can often be the difference between avoiding a stressful attack and losing valuable time, money and personal information.”

Top 10 Threat Detections for March
GFI’s top 10 threat detection list is compiled from collected scan data of tens of thousands of GFI VIPRE Antivirus customers who are part of GFI’s ThreatNet™ automated threat tracking system. ThreatNet statistics revealed that the top eight detections from February remained in the top 10 for March.

VIPRE report March 2012

About GFI Labs
GFI Labs specializes in the discovery and analysis of dangerous vulnerabilities and malware. The team of dedicated security specialists actively researches new malware outbreaks, creating new threat definitions on a constant basis for the VIPRE home and business antivirus products.

About GFI
GFI Software provides web and mail security, archiving and fax, networking and security software and hosted IT solutions for small to medium-sized businesses (SMB) via an extensive global partner community. GFI products are available either as on-premise solutions, in the cloud or as a hybrid of both delivery models. With award-winning technology, a competitive pricing strategy, and a strong focus on the unique requirements of SMBs, GFI satisfies the IT needs of organizations on a global scale. The company has offices in the United States, UK, Austria, Australia, Malta, Hong Kong, Philippines and Romania, which together support hundreds of thousands of installations worldwide. GFI is a channel-focused company with thousands of partners throughout the world and is also a Microsoft Gold ISV Partner.