December 2012 VIPRE Report: Mobile Trojan and Spam Campaigns

GFI Software details the most prevalent threats of the past month

GFI Software has released its VIPRE Report for December 2012. According to the report, the most prevalent threats were mobile Trojans masqueraded as Android apps hosted on fake Google Play sites, and spam campaigns targeting Amazon, LinkedIn and PayPal customers.

Malware-spreading campaigns that leveraged the BlackHole exploit kit lured LinkedIn and Amazon customers to malicious websites with spam emails. Cybercriminals attempted to trick LinkedIn users with bogus requests to connect, while Amazon users were lured with phony order confirmations and receipts.

PayPal customers, on the other hand, were targeted with fake emails in which they were informed that a payment had been processed for a Windows 8 upgrade.

In most cases, victims were served a variant of the notorious Cridex.

As far as mobile malware is concerned, cybercriminals made sure that users looking for Windows drivers on Yahoo! were taken to websites set up to serve Android Trojans designed to send SMS messages to premium rate numbers.

In December 2012, the top threats were Trojan.Win32.Generic (27%), Trojan.Win32.Sirefef (3.7%), followed by pieces of Adware such as GamePlayLabs, Wajam, GameVance, and Pinball Corporation.

Trojan.Win32.Ramnit.c (v), BProtector, INF.Autorun (v) and (v) complete the top ten.

“Cybercriminals often make the effort to create phony websites and spam emails that appear authentic in order to increase the chances of catching users off guard and infecting their PCs,” explained Christopher Boyd, senior threat researcher at GFI Software.

“Over the past year, we have seen cybercriminals improve their ability to fabricate even more convincing sites that prey on users who rush into providing personally identifiable information or installing applications without completely investigating the legitimacy of the source,” he added.

“Users should be extra careful in every situation by taking the time to look at URLs and manually navigating to the sites that they want to visit.”

Hot right now  ·  Latest news