2

The latest VIPRE report, detailing the ten most prevalent malware threat detections spotted by GFI Labs and the ThreatNet Detection System, reveals that Google, LinkedIn, Skype and Mass Effect 3 were amongst the big brands being exploited by cybercriminals in order to leverage trust whilst distributing malware-laden emails. As a consequence, GFI software is urging users to question absolutely any and every unsolicited message regardless of the subject matter or purported origin.

masseffect The research labs team has documented a high number of spam and malware distribution campaigns during the month of March which have successfully infiltrated users' systems disguised as communications from well-known companies or pretending to be promotions for their services and products.

Christopher Boyd, the senior threat researcher at GFI Software, warns that Internet users are "bombarded with countless emails every day" and these campaigns are exploiting the "reflex-like tendency to click on links and open emails that look like they’re coming from a company we know and trust."

Take Google, for example, which was linked to such malware campaigns by being used as the hook for a couple of nasty scams that Google systems had detected malware on their computer and then, you guessed it, did the old rogue-antivirus thing and directed them to a site where the payload product could be downloaded. There were even emails being sent that claimed to come from Google Pharmacy, which doesn't exist, and offering services as a pharmaceutical interface for the search engine. This being image spam meant it could circumvent many spam filters, and if the user visited the URL shown in that image they were re-directed to an online pharmacy with a historical link to spam tactics dating back to 2004 according to GFI Labs.

LinkedIn, meanwhile, was exploited by scammers using fake invitation reminders which re-directed unsuspecting users to a blackhole exploit which infected their computers with a banking and social networking Trojan called Cridex. Skype found itself caught up in the malware mess after a spam campaign was launched that targeted Skype users with free credit and directed them to a malicious Java exploits host site instead.

One of the most targeted brands though was Mass Effect 3, with fake alternative ending downloads being the scam of choice and leading to marketing surveys and other ad-revenue raking sites. “If something seems off, users should trust their instincts and investigate further” Boyd advises “The important thing for everyone to remember is that the Internet provides us with the ability to easily double check every link or attachment that we come across with a simple web search. Pay attention to details such as link URLs and scrutinise where they are directing you if there is any doubt. This may sound like common sense, but having this mind set can often be the difference between avoiding a stressful attack and losing valuable time, money and personal information.”

Edited by happygeek: unstuck

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

2
Contributors
1
Reply
8
Views
5 Years
Discussion Span
Last Post by LastMitch
0

LinkedIn, meanwhile, was exploited by scammers using fake invitation reminders which re-directed unsuspecting users to a blackhole exploit which infected their computers with a banking and social networking Trojan called Cridex. Skype found itself caught up in the malware mess after a spam campaign was launched that targeted Skype users with free credit and directed them to a malicious Java exploits host site instead.

I read about it last year but I didn't think it would go to that extreme.

I don't have Java installed on my computer because of those malicious Java exploits websites popping up.

Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.