GFI Labs Tracks Resurgence of Fake Antivirus Programs Plaguing Businesses and Consumers

January 02, 2013 - 12:00

GFI Software warns of new variations of rogue antivirus programs often distributed through spam carrying the Blackhole exploit

GFI Software today released its VIPRE® Report for February 2012, a collection of the 10 most prevalent threat detections encountered during the month. Most notably, GFI Labs has been documenting a new wave of fake antivirus programs (or rogue AV) on its Malware Protection Center blog. The wave has been growing since the start of the year, and last month brought a significant spike in new variations of rogue AV.

“While the velocity at which rogues were successfully propagating may have slowed toward the end of last year, they are certainly back now, and they remain a popular tactic among cybercriminals,” said Christopher Boyd, senior threat researcher at GFI Software. “Users should not let their guard down. As always – no matter how convincing they look – always take the time to evaluate any piece of software that claims your PC is infected, prompts you for a credit card number or asks you to share any sensitive data, especially if it’s software that you or your employer did not install.”

Many rogue AV programs are being distributed via spam containing malicious links to the Blackhole exploit, a tool used by cybercriminals to target unpatched vulnerabilities in software applications from industry leaders like Microsoft Corp. and Adobe Systems Inc. Users infected by rogue AV may be redirected to fraudulent websites, have their systems hijacked by programs appearing to scan their PCs, or be plagued by messages warning of viruses and other PC security risks. These scareware tactics trick users into providing credit card data to purchase non-existent protection.

Rogue AV programs are continually tweaked in an attempt to avoid detection, with newer variants of these malicious applications propagating every 12 to 24 hours. When confronted with suspected rogue AV, users can visit the Malware Protection Center for removal advice or download GFI Software’s free virus removal tool, VIPRE® Rescue.

Cybercriminals Target Tax Season, Holidays and Gamers
Last month also saw phishers posing as representatives of Intuit Inc., the developers of TurboTax®, a popular tax preparation program. Victims were told that they must verify their tax information due to a discrepancy with information from the Social Security Administration, only to click on links that led to Blackhole exploits. Meanwhile, emails purporting to come from the American Institute of Certified Public Accountants sent warnings of “unlawful tax return fraud” in order to scare victims into opening malicious attachments disguised as legitimate documents.

A more traditional holiday cybercrime campaign targeted Tumblr users last month with promises of $500 Victoria’s Secret gift cards. Like previous spam attacks offering Starbucks gift cards and free plane tickets, these Tumblr posts feigned legitimacy by claiming to come from a “Tumblr Staff Blog.” Users who clicked on the links were asked to sign up for various offers and submit personal information in order to claim their gift card. Gamers were also targeted via YouTube videos encouraging users to download a program that would generate codes that could be redeemed for free Microsoft points, the currency of the Xbox LIVE® marketplace. The bogus generator prompted the victim to fill out various surveys in order to receive a password and continue the code generation.

Top 10 Threat Detections for February
GFI’s top 10 threat detection list is compiled from collected scan data of tens of thousands of GFI VIPRE Antivirus customers who are part of GFI’s ThreatNet™ automated threat tracking system. ThreatNet statistics revealed that Trojans once again dominated the list, taking half of the top 10 spots.

Top 10 descriptions

About GFI Labs
GFI Labs specializes in the discovery and analysis of dangerous vulnerabilities and malware. The team of dedicated security specialists actively researches new malware outbreaks, creating new threat definitions on a constant basis for the VIPRE home and business antivirus products.

About GFI
GFI Software provides web and mail security, archiving and fax, networking and security software and hosted IT solutions for small to medium-sized businesses (SMB) via an extensive global partner community. GFI products are available either as on-premise solutions, in the cloud or as a hybrid of both delivery models. With award-winning technology, a competitive pricing strategy, and a strong focus on the unique requirements of SMBs, GFI satisfies the IT needs of organizations on a global scale. The company has offices in the United States, UK, Austria, Australia, Malta, Hong Kong, Philippines and Romania, which together support hundreds of thousands of installations worldwide. GFI is a channel-focused company with thousands of partners throughout the world and is also a Microsoft Gold ISV Partner.