Skip navigation
Skip navigation
You are using an outdated browser. Please upgrade your browser.

GFI Labs identified numerous scams last month, including cybercriminals posing as the federal government to exploit food stamp recipients

London, UK – 8 December 2011 – GFI Software today released its VIPRE® Report, a compilation of the 10 most prevalent threat detections for the previous month. Noteworthy threats in November 2011 included a new Facebook worm; the return of PDF-based malware posing as the postal services and parcel firms; Bank of America and SunTrust Bank phishing scams.

“Staying vigilant online – especially during the holiday shopping season – is key to not falling victim to scams or infecting a PC by clicking on malicious links or files,” said Christopher Boyd, senior threat researcher for GFI Software. “When in doubt, users should take a page from Santa’s playbook by ‘checking it twice.’ Never open attachments or provide information in response to unsolicited emails, and always remember that a bank will never ask for sensitive information via email.”

In the days leading up to Thanksgiving in the US, GFI Labs detected an increase in bank related phishing. Users received emails purporting to originate from major retail banks including SunTrust Bank and Bank of America. Both scams were unique in that they contained an HTML attachment which was actually a form asking for banking login information and even driver’s license numbers. Users who doubt the authenticity of an email communication from their bank should call their local branch or the customer services phone number printed on the back of their debit or credit card to verify.

PDF-based malware made a return in November. This type of attack is not new, but the time of year makes this one particularly effective. Users receive emails from what appears to be a legitimate parcel delivery company or postal operator, informing them that they have a package that cannot be delivered due to insufficient address information. The attached PDF appears to be a shipping label which users are instructed to print. Upon opening the file, a variant of FakeSysDef, a rogue malware, is installed.

Targeting the Most Vulnerable

“Underscoring that anyone can be a target of cybercrime and that it’s not just big enterprises and banks that are at risk, last month we found scammers targeting people with limited financial resources,” said Jovi Umawing, threat researcher for GFI Software. “A fraudulent food aid website was set up to misappropriate the mobile phone numbers of those supported by food donation schemes. Thinking they were responding to an official request from the government, victims provided their phone numbers, which were automatically enrolled in a premium SMS service, placing unauthorised and unwanted charges on their phone bills.”

The VIPRE Report – Top 10 Threat Detections for November 2011

GFI’s VIPRE Report is compiled from the collected scan data of tens of thousands of VIPRE Antivirus customers who are part of GFI’s ThreatNet™ automated threat tracking system. ThreatNet statistics revealed that Trojans continue to make up a large portion of the most prevalent threats, taking four of the top 10 spots.


Yontoo (v) Adware------------------------Adware-----------------------------1.81
INF.Autorun (v)----------------------------Trojan-----------------------------1.36
Worm.Win32.Downad.Gen (v)----------Worm.W32------------------------1.04
FraudTool.Win32.FakeRean-------------Rogue Security Program-------0.96
Trojan.Win32.Ramnit.c------------------Trojan-----------------------------0.94 (v)---------------Virus.W32---------------------------0.86
Trojan.Win32.jpgiframe (v)-------------Trojan-----------------------------0.84
Exploit.PDF-JS.Gen (v)-----------------Exploit----------------------------0.82

About GFI Labs

GFI Labs specialises in the discovery and analysis of dangerous vulnerabilities and malware that could be exploited for Internet and email attacks. The research team actively researches new malware outbreaks, creating and testing new threat definitions on a constant basis.

About GFI Software

GFI Software provides web and mail security, archiving, backup and fax, networking and security software and hosted IT solutions for small to medium-sized businesses (SMBs) via an extensive global partner community. GFI products are available either as on-premise solutions, in the cloud or as a hybrid of both delivery models. With award-winning technology, a competitive pricing strategy, and a strong focus on the unique requirements of SMBs, GFI satisfies the IT needs of organisations on a global scale. The company has offices in the United States, United Kingdom, Austria, Australia, Malta, Hong Kong, Philippines and Romania, which together support hundreds of thousands of installations worldwide. GFI is a channel-focused company with thousands of partners throughout the world and is also a Microsoft Gold Certified Partner.

For more information:

GFI Software

Please email David Kelleher on
GFI - Malta: Tel: +356 2205 2000; Cell: +356 7906 3606; Fax: +356 21382419

Davies Murphy Group

Please email Chris Green on
Tel: +44 1256 807360

Copyright © 2011 GFI Software. All rights reserved. All trademarks used are owned by their respective companies. To the best of our knowledge, all details were correct at the time of publishing; this information is subject to change without notice

This press release was distributed by ResponseSource Press Release Wire on behalf of GFI Software in the following categories: Consumer Technology, Business & Finance, Computing & Telecoms, for more information visit