The latest VIPRE report, detailing the ten most prevalent malware threat detections spotted by GFI Labs and the ThreatNet Detection System, reveals that Google, LinkedIn, Skype and Mass Effect 3 were amongst the big brands being exploited by cybercriminals in order to leverage trust whilst distributing malware-laden emails. As a consequence, GFI software is urging users to question absolutely any and every unsolicited message regardless of the subject matter or purported origin.
The research labs team has documented a high number of spam and malware distribution campaigns during the month of March which have successfully infiltrated users' systems disguised as communications from well-known companies or pretending to be promotions for their services and products.
Christopher Boyd, the senior threat researcher at GFI Software, warns that Internet users are "bombarded with countless emails every day" and these campaigns are exploiting the "reflex-like tendency to click on links and open emails that look like they’re coming from a company we know and trust."
Take Google, for example, which was linked to such malware campaigns by being used as the hook for a couple of nasty scams that Google systems had detected malware on their computer and then, you guessed it, did the old rogue-antivirus thing and directed them to a site where the payload product could be downloaded. There were even emails being sent that claimed to come from Google Pharmacy, which doesn't exist, and offering services as a pharmaceutical interface for the search engine. This being image spam meant it could circumvent many spam filters, and if the user visited the URL shown in that image they were re-directed to an online pharmacy with a historical link to spam tactics dating back to 2004 according to GFI Labs.
LinkedIn, meanwhile, was exploited by scammers using fake invitation reminders which re-directed unsuspecting users to a blackhole exploit which infected their computers with a banking and social networking Trojan called Cridex. Skype found itself caught up in the malware mess after a spam campaign was launched that targeted Skype users with free credit and directed them to a malicious Java exploits host site instead.
One of the most targeted brands though was Mass Effect 3, with fake alternative ending downloads being the scam of choice and leading to marketing surveys and other ad-revenue raking sites. “If something seems off, users should trust their instincts and investigate further” Boyd advises “The important thing for everyone to remember is that the Internet provides us with the ability to easily double check every link or attachment that we come across with a simple web search. Pay attention to details such as link URLs and scrutinise where they are directing you if there is any doubt. This may sound like common sense, but having this mind set can often be the difference between avoiding a stressful attack and losing valuable time, money and personal information.”