Cybercriminals Target Broad Range of Victims in January

  • Feb 08, 2012

January saw malware attacks targeting a wide range of potential victims, including gamers looking for a Pro Evolution Soccer 2012 game crack, small business owners concerned about the reputation of their business, and government organizations receiving spoofed messages from the United States Computer Emergency Readiness Team (US-CERT).

GFI Software, providers of Web and mail security, recently released its VIPRE Report for January 2012; a collection of the 10 most prevalent threat detections encountered during the month. 

“While cybercriminals may not be picky about their choice of victims, their choice of tactics is anything but haphazard," said Chris Boyd, senior threat researcher at GFI Software.“Anyone who goes on the internet is a potential target for cybercriminals looking to infect systems and scam users. Malware writers and phishers do not discriminate. They purposefully cast a wide net when picking their methods of attack in order to reach as many targets as possible. Whether you are a young gamer, a successful business owner or a government employee, you need to be wary when clicking on links that appear to pertain to your interests, especially when asked to submit personal information online.”

In addition to malware writers installing rootkits on the systems of gamers who were looking for a pirated release of Pro Evolution Soccer 2012, developed by Konami Digital Entertainment, Inc., scammers also latched onto the buzz surrounding the upcoming fourth installment of the Halo video game series, developed by 343 Industries, by offering bogus beta invites in return for filling out surveys and recommending links on Facebook and Google+. These attacks leverage the popularity of these titles among the gaming community and are meant to take advantage of the mistakes some users might make when acting out of excitement about a favorite game franchise.

January also brought phishing emails posing as notices from the Better Business Bureau, claiming that a customer had filed a complaint against the recipient. The messages contained links to malware created using the Blackhole exploit kit. Government body US-CERT served as another disguise for cybercriminals attempting to bait unwitting victims into opening a file that contained a variant of the Zeus/Zbot Trojan. Meanwhile, Tumblr users were baited with “free Southwest Airlines tickets” in exchange for taking surveys and submitting personal information by a phony “Tumblr Staff Blog.”

Malware writers and internet scammers also sought to attack a wider cross-section of the population when opportunities presented themselves to creatively piggyback on hot news topics and highly trafficked websites. This past month, the shutdown of popular file hosting website Megaupload led to a domain typo scam targeting both the regular users of the website as well as visitors who were interested in seeing the FBI notice posted on the site. Once the victims reached the misspelled URL, they were redirected to various sites promising fake prizes and asking for personal information.

“While cybercriminals may not be picky about their choice of victims, their choice of tactics is anything but haphazard,” continued Boyd. “Cybercrime campaigns are designed to cripple systems and steal personal information, but first they have to reach the victim. Once they know the profile of the group they want to attack, they will do anything they can to increase their chances of success and fool users into playing along.”

Top 10 Threat Detections for January

GFI’s top 10 threat detection list is compiled from collected scan data of tens of thousands of GFI VIPRE Antivirus customers who are part of GFI’s ThreatNet automated threat tracking system. ThreatNet statistics revealed that Trojans continue to be the most pervasive threat, taking half of the top spots for January 2012.

Detection                                        Type                                     Percent
Trojan.Win32.Generic                   Trojan                                   35.1
Yontoo (v)                                        Adware                                  2.23
FraudTool.Win32.FakeRean       Rogue Security Program   1.62
INF.Autorun (v)                                Trojan                                    1.28
Trojan.Win32.FakeAV.mqa (v)     Trojan                                    1.21
Trojan.Win32.Ramnit.c (v)            Trojan                                   0.94
Exploit.PDF-JS.Gen (v)                  Exploit                                   0.86
GameVance (fs)                             Adware                                  0.82
Pinball Corporation. (v)                 Adware                                  0.79
Trojan.Win32.Jpgiframe (v)          Trojan                                    0.77

Featured

  • Maximizing Your Security Budget This Year

    Perimeter Security Standards for Multi-Site Businesses

    When you run or own a business that has multiple locations, it is important to set clear perimeter security standards. By doing this, it allows you to assess and mitigate any potential threats or risks at each site or location efficiently and effectively. Read Now

  • New Research Shows a Continuing Increase in Ransomware Victims

    GuidePoint Security recently announced the release of GuidePoint Research and Intelligence Team’s (GRIT) Q1 2024 Ransomware Report. In addition to revealing a nearly 20% year-over-year increase in the number of ransomware victims, the GRIT Q1 2024 Ransomware Report observes major shifts in the behavioral patterns of ransomware groups following law enforcement activity – including the continued targeting of previously “off-limits” organizations and industries, such as emergency hospitals. Read Now

  • OpenAI's GPT-4 Is Capable of Autonomously Exploiting Zero-Day Vulnerabilities

    According to a new study from four computer scientists at the University of Illinois Urbana-Champaign, OpenAI’s paid chatbot, GPT-4, is capable of autonomously exploiting zero-day vulnerabilities without any human assistance. Read Now

  • Getting in Someone’s Face

    There was a time, not so long ago, when the tradeshow industry must have thought COVID-19 might wipe out face-to-face meetings. It sure seemed that way about three years ago. Read Now

    • Industry Events
    • ISC West
Most   Popular

Featured Cybersecurity

Webinars

New Products

  • ComNet CNGE6FX2TX4PoE

    The ComNet cost-efficient CNGE6FX2TX4PoE is a six-port switch that offers four Gbps TX ports that support the IEEE802.3at standard and provide up to 30 watts of PoE to PDs. It also has a dedicated FX/TX combination port as well as a single FX SFP to act as an additional port or an uplink port, giving the user additional options in managing network traffic. The CNGE6FX2TX4PoE is designed for use in unconditioned environments and typically used in perimeter surveillance. 3

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions. 3