GFI Software™ Finds Spam Emails Targeting Users of LinkedIn®, PayPal™ and Amazon® in December

Users also encountered mobile malware hosted on fake Google Play™ app markets
designed to closely mimic the real online storefront

PR Newswire

CLEARWATER, Fla., Jan. 8, 2013

CLEARWATER, Fla., Jan. 8, 2013 /PRNewswire/ -- GFI Software™ today released
its VIPRE® Report for December 2012, a collection of the 10 most prevalent
threat detections encountered last month. In December, GFI threat researchers
found a handful of phony Google Play app markets hosting mobile Trojans as
well as a number of spam email campaigns posing as messages from Amazon,
PayPal and LinkedIn.

"Cybercriminals often make the effort to create phony websites and spam emails
that appear authentic in order to increase the chances of catching users off
guard and infecting their PCs," said Christopher Boyd, senior threat
researcher at GFI Software. "Over the past year, we have seen cybercriminals
improve their ability to fabricate even more convincing sites that prey on
users who rush into providing personally identifiable information or
installing applications without completely investigating the legitimacy of the
source. Users should be extra careful in every situation by taking the time to
look at URLs and manually navigating to the sites that they want to visit."

Android™ users searching for Windows drivers for their smartphones on Yahoo!
encountered various types of infections from the same malicious URL last
month, depending on the type of device they used to conduct their search.
Users browsing from a PC initiated an automatic download of a Trojan when they
clicked on the malicious link, while users searching from an Android device
were redirected to a number of infected websites filled with bogus search
results. These results led to fake Google Play app markets hosting two kinds
of Android Trojans which, similar to the Boxer Trojan, hijacked the victim's
phone and sent out SMS messages to premium numbers.

LinkedIn users were the victims of an email spam campaign which sent messages
indicating that another member had requested to connect on the popular social
networking site. Users who clicked the link to accept the invitation were sent
to one of several compromised websites containing Blackhole Exploit Kit code
which redirected them to a site hosting the Cridex Trojan. Amazon customers
were also victims of a similar campaign which sent emails disguised as order
confirmations, receipts, or Kindle™ e-book order confirmations.

Last month, the same Trojan also infected the systems of spam victims who
received fake PayPal emails fraudulently claiming that their sizable payment
had been processed for a Windows® 8 operating system upgrade. Links contained
in the email led to sites with Blackhole exploits serving Cridex. All of the
scams above preyed on users' belief that they were visiting authentic sites
and required active participation by victims who needed to click on malicious
links within the spam emails. Each could have been avoided by simply verifying
that the email addresses used by the senders and the URLs that each link
directed to were associated with trusted websites and organizations.

Top 10 Threat Detections for December
GFI's top 10 threat detection list is compiled from collected scan data of
tens of thousands of VIPRE Antivirus customers who are part of GFI's
ThreatNet™ automated threat tracking system. ThreatNet statistics revealed
that adware dominated the month, taking four of the top 10 spots.

Detection                  Type              Percent
Trojan.Win32.Generic       Trojan            27.12
Trojan.Win32.Sirefef       Trojan            3.69
GamePlayLabs               Adware (General)  3.46
Wajam                      Adware (General)  2.71
GameVance                  Adware (General)  1.47
Pinball Corporation        Adware (General)  1.41
Trojan.Win32.Ramnit.c (v)  Trojan            1.16
BProtector                 Misc (General)    1.10
INF.Autorun (v)            Trojan            1.08
(v)                        Virus.W32         1.07

About GFI Labs
GFI Labs specializes in the discovery and analysis of dangerous
vulnerabilities and malware. The team of dedicated security specialists
actively researches new malware outbreaks, creating new threat definitions on
a constant basis for the VIPRE home and business antivirus products.

About GFI
GFI Software provides web and mail security, archiving and fax, networking and
security software and hosted IT solutions for small to medium-sized businesses
(SMB) via an extensive global partner community. GFI products are available
either as on-premise solutions, in the cloud or as a hybrid of both delivery
models. With award-winning technology, a competitive pricing strategy, and a
strong focus on the unique requirements of SMBs, GFI satisfies the IT needs of
organizations on a global scale. The company has offices in the United States,
UK, Austria, Australia, Malta, Hong Kong, Philippines and Romania, which
together support hundreds of thousands of installations worldwide. GFI is a
channel-focused company with thousands of partners throughout the world and is
also a Microsoft Gold ISV Partner.

For more information
GFI Software
Please email David Kelleher at
GFI - Malta: Tel: +356 2205 2000; Fax: +356 21382419.

Davies Murphy Group
Please email Jason Gass at
GFI – US: Tel: +1-781-418-2439

Copyright © 2012 GFI Software. All rights reserved. All other trademarks are
the property of their respective owners. To the best of our knowledge, all
details were correct at the time of publishing; this information is subject to
change without notice.

