Top 10 Threat Detections for November 2011

GFI Software recently released its VIPRE^® Report, a compilation of the 10 most prevalent threat detections for the previous month. Noteworthy threats in November 2011 included a new Facebook worm; the return of PDF-based malware posing as the U.S. Postal Service; Bank of America and SunTrust Bank phishing scams; and a phony food stamp website.

“Staying vigilant online — especially during the holiday shopping season — is key to not falling victim to scams or infecting a PC by clicking on malicious links or files,” said Christopher Boyd, senior threat researcher for GFI Software. “When in doubt, users should take a page from Santa’s playbook by ‘checking it twice.’ Never open attachments or provide information in response to unsolicited emails, and always remember that a bank will never ask for sensitive information via email.”

In the days leading up to Thanksgiving in the United States, GFI Labs detected an increase in bank-related phishing. Users received emails purporting to originate from SunTrust Bank and Bank of America. Both scams were unique in that they contained an HTML attachment which was actually a form asking for banking login information and even driver’s license numbers. Users who doubt the authenticity of an email communication from their bank should call the phone number shown on the back of their issued card to verify.

PDF-based malware made a return in November. This type of attack is not new, but the time of year makes this one particularly effective. Users receive emails from what appears to be the U.S. Postal Service, informing them that they have a package that cannot be delivered due to insufficient address information. The attached PDF appears to be a shipping label which users are instructed to print. Upon opening the file, a variant of FakeSysDef, a rogue malware, is installed.

Targeting the Most Vulnerable

“Underscoring that anyone can be a target of cyber crime and that it’s not just big enterprises and banks that are at risk, last month we found scammers targeting people with limited financial resources,” said Jovi Umawing, threat researcher for GFI Software. “A fraudulent food stamps website was set up to misappropriate the cell phone numbers of those supported by the program. Thinking they were responding to an official request from the government, victims provided their cell phone numbers, which were automatically enrolled in a premium SMS service, placing unauthorized and unwanted charges on their phone bills.”

GFI’s VIPRE Report is compiled from the collected scan data of tens of thousands of VIPRE Antivirus customers who are part of GFI’s ThreatNet™ automated threat tracking system. ThreatNet statistics revealed that Trojans continue to make up a large portion of the most prevalent threats, taking four of the top 10 spots.

Top 10 Threat Detections for November 2011 - slide 1