July 2011 threat landscape
July has been a hot month for SEO poisoning, and its popularity is expected to continue in August, says GFI.
Users should be cautious of likely search-term targets for scammers, such as team and player news for the upcoming NFL season and rumors surrounding the next iPhone. Users should tread lightly and avoid downloading anything unless it comes from a verified source.
“The fake autowhaler, rogue codec suite and other threats we uncovered in July underscore the growing sophistication and creativity of malware authors, and the continued evolution of cybercrime tactics,” said Christopher Boyd, senior threat researcher, GFI Software. “The autowhaler is especially telling because it demonstrates that even cybercriminals are not safe from infection on the Internet. If you are online, you are a target. Users need to remain vigilant because malware writers are constantly finding new ways to camouflage their scams.”
The exploitation of high-profile news, events and products through SEO poisoning, malicious URLs and spam attacks remains a popular disguise. For example, GFI investigated malware masquerading as the popular and widely adopted Skype communications service and Adobe Flash Player browser plug-in. GFI also reported on how spam and malware can compromise users visiting legitimate websites like SourceForge, where a number of pages had been linking to a site distributing the rogue antivirus FakeRean.
Internet users should continue to be wary of any unsolicited pop-ups, emails, texts or messages delivered via social networking sites asking them to submit personal information or alerting them to problems with their PCs. If there is any doubt as to where a message originates or what information it requests—even if it looks legitimate—Boyd suggests that users not respond or click on any links.
“If you do get a message that appears to be from a bank, retailer or vendor you do business with, but they are asking for personal information, passwords or account numbers, don’t respond,” added Boyd. “If it’s something that users feel requires a response or further investigation, they should contact the purported sender through a known and trusted phone number to verify if the request is legitimate.”
Top 10 threat detections for July – half of the top 10 threat detections found continue to be Trojans, mostly detected in generic form:
1. Trojan.Win32.Generic (Trojan)
2. INF.Autorun (Trojan)
3. Trojan.Win32.Adware (Adware)
4. Trojan.Win32.Jpgiframe (Trojan)
5. Trojan.JS.Redirector.cd (Trojan)
6. Exploit.PDF-JS.Gen (Exploit)
7. Worm.Win32.Downad.Gen (Worm.W32)
8. Yontoo (Adware)
9. Pinball Corporation. (Adware)
10. Trojan-Spy.Win32.Zbot.gen (Trojan)