Skip navigation
Skip navigation
You are using an outdated browser. Please upgrade your browser.

Cybercriminals are ever focused on infecting as many victims’ machines or stealing as much personal information with as little effort as possible.

Internet users are urged to monitor for red flags in any unsolicited email messages and to exercise caution when clicking on unknown links

London, UK – July 6, 2012 – GFI Software today released its VIPRE® Report for June 2012, a collection of the 10 most prevalent threat detections encountered last month. In June, GFI threat researchers observed two fresh spam campaigns linking to Blackhole exploits which posed as confirmation emails from Twitter® and Amazon®. Delta Airlines® similarly had their brand misappropriated in a spam campaign meant to infect users with Sirefef and rogue antivirus software. GFI also hosted a free webinar which provided a detailed look at the Flame virus using data gathered from GFI’s own GFI Sandbox™ technology.

“Cybercriminals are ever focused on infecting as many victims’ machines or stealing as much personal information with as little effort as possible. By disguising the source of their spam as messages from companies or organisations with widespread appeal, they can increase the number of potential victims likely to fall for their scams,” said Christopher Boyd, senior threat researcher at GFI Software. “Any notices or ‘confirmation emails’ that arrive unexpectedly, no matter how legitimate it may appear, should be thoroughly inspected before the user takes any other action. If something seems out of place, users should trust their instincts and use common sense before clicking anything that could make the situation worse.”

Throughout the month of June, phony emails claiming to be Amazon order confirmations were sent to unsuspecting victims in the hopes of infecting them with malware. Users who clicked any of the links contained in the email were directed to a web page that contained Blackhole exploit code. The exploit scanned the user’s system for Adobe® Reader® and Adobe Flash® before loading a Java applet that redirected the victim to web pages that hosted specially-crafted PDF exploit files depending on the version of Adobe Reader found on the system.

Another fake email posing as a Twitter account confirmation linked victims to a Russian website which housed a Blackhole exploit kit. The site deployed exploits that targeted Adobe Reader and Adobe Flash vulnerabilities which were as old as six years. It’s important to note that both of these attack campaigns could have been avoided had victims kept their software fully patched and up to date.

A bogus spam email was also discovered disguising itself as a Delta Airlines e-ticket. Users who downloaded the attachment were met with an executable file that infected their system with Sirefef and Live Security Platinum, a rogue antivirus program. This fake AV program blocked the running of all other applications and deployed constant pop-ups and browser redirects to messages alerting the user of an infection and requesting payment to clean up the system.

Analysing Flame

In June, The GFI Software Flame Task Force identified malware behaviour exhibited by Flame not yet reported by other security vendors or malware researchers. To learn how GFI threat researchers were able to generate 100MB of detailed malware behavioural data on Flame in less than 5 minutes using GFI SandBox, please visit http://vimeo.com/44382073.

Top 10 Threat Detections for June

GFI’s top 10 threat detection list is compiled from collected scan data of tens of thousands of GFI VIPRE Antivirus customers who are part of GFI’s ThreatNet™ automated threat tracking system. ThreatNet statistics revealed that Trojans continued to dominate the month, taking six of the top 10 spots.

Detection ==================== Type ============== Percent
Trojan.Win32.Generic----------------Trojan------------------------31.51
GamePlayLabs-------------------------Browser Plug-in-----------5.79
Trojan.Win32.Small-------------------Trojan------------------------2.97
Trojan.Win32.Sirefef.pq (v)----------Trojan------------------------2.48
Yontoo (v)-----------------------------Adware ---------------------2.45
Trojan.Win32.Fakealert.cn (v)-------Trojan-----------------------1.24
INF.Autorun (v)--------------------------Trojan------------------------1.06
GameVance-----------------------------Adware (General)----------0.96
Trojan.Win32.Ramnit.c (v)-----------Trojan-------------------------0.84
iBryte--------------------------------------Adware (General)-----------0.83

About GFI Labs

GFI Labs specialises in the discovery and analysis of dangerous vulnerabilities and malware. The team of dedicated security specialists actively researches new malware outbreaks, creating new threat definitions on a constant basis for the VIPRE home and business antivirus products.

About GFI

GFI Software provides web and mail security, archiving and fax, networking and security software and hosted IT solutions for small to medium-sized businesses (SMB) via an extensive global partner community. GFI products are available either as on-premise solutions, in the cloud or as a hybrid of both delivery models. With award-winning technology, a competitive pricing strategy, and a strong focus on the unique requirements of SMBs, GFI satisfies the IT needs of organisations on a global scale. The company has offices in the United States, United Kingdom, Austria, Australia, Malta, Hong Kong, Philippines and Romania, which together support hundreds of thousands of installations worldwide. GFI is a channel-focused company with thousands of partners throughout the world and is also a Microsoft Gold ISV Partner.

For more information

GFI Software
Please email David Kelleher at dkelleher@gfi.com
GFI - Malta: Tel: +356 2205 2000; Fax: +356 21382419.
URL: http://www.gfi.com.

Davies Murphy Group
Please email Chris Green at gfi@daviesmurphy.com
Tel: +44 1256 807 360

Disclaimer
Copyright © 2012 GFI Software. All rights reserved. All other trademarks are the property of their respective owners. To the best of our knowledge, all details were correct at the time of publishing; this information is subject to change without notice

This press release was distributed by ResponseSource Press Release Wire on behalf of GFI Software in the following categories: Consumer Technology, Business & Finance, Computing & Telecoms, for more information visit https://pressreleasewire.responsesource.com/about.