Phishing Campaigns Run Rampant on Social Networks in January, According to GFI Software

Phishing Campaigns Run Rampant on Social Networks in January, According to GFI

Cybercriminals continue to leverage brand awareness of popular websites to
fool victims into clicking malicious links and sharing personal account

PR Newswire

CARY, N.C., Feb. 14, 2013

CARY, N.C., Feb. 14, 2013 /PRNewswire/ --GFI Software™ today released its
VIPRE^® Report for January 2013, a collection of the 10 most prevalent threat
detections encountered last month. In January, GFI threat researchers
identified a number of social network-based cybercrime attacks, including
phishing messages on Twitter® and Facebook, as well as malicious spam messages
disguised as event invites on LinkedIn®.


"As the brands of popular social networking sites become more engrained in our
culture, their value to cybercriminals looking for new ways to disguise their
attack campaigns will only increase," said Christopher Boyd, senior threat
researcher at GFI Software. "More and more young people entering the
workforce think of social networking as a standard part of everyday life. By
focusing their efforts on these sites, cybercriminals can increase their
chances of fooling a larger number of users to unknowingly download malware
onto their PCs and mobile devices. As a result, these users end up providing
social network account information that can be used to reach even more
potential victims."

A number of Twitter users found themselves targeted by a direct message
phishing campaign in January. The messages claimed that the victims were being
singled out by a Twitter account that was spreading "nasty blogs" about them.
The links contained in the messages led to a site that mimicked the official
Twitter login screen. Users who unwittingly entered their account information
without first looking at the page URL were sent to a 404 error message and
then redirected to the legitimate Twitter login screen in an effort to fool
them into thinking that they had simply encountered a problem on the real

Facebook users were the targets of a similar spam message, this one claiming
that the victims had violated the social network's policies by "annoying or
insulting" other users, and ordering them to reconfirm their accounts to avoid
being banned from the site. Users who clicked on the link contained within the
message were taken to a page explaining that they had to complete a "security
check" by entering personally identifiable information and Facebook login
credentials, as well as revealing which webmail service was linked with their
Facebook accounts. Finally, each user was prompted to enter the first six
digits of their credit card, regardless of whether or not they had purchased
Facebook credits in the past. After entering the first six digits, victims
were required to provide the rest of the card number in order to "verify"
their account, before having the hijacked accounts send out the same phishing
message to their lists of Facebook friends.

Elsewhere, on the popular professional networking site LinkedIn, members who
identified themselves as business owners received spam emails notifying them
that an employee had sent them an event invitation. Clicking on the links in
the email directed the victims to malicious sites containing malware that
exploited unpatched vulnerabilities on their systems. Users who did not click
on the malicious links or who kept their third party software up to date were
less at risk of infection.

Top 10 Threat Detections for January

GFI's top 10 threat detection list is compiled from collected scan data of
tens of thousands of VIPRE Antivirus customers who are part of GFI's
ThreatNet™ automated threat tracking system. ThreatNet statistics revealed
that Trojans and Adware dominated the top 10 during the month, accounting for
a total of seven of the top 10 detections.

Detection Type Percent
Trojan.Win32.Generic!BT         Trojan 24.87
Trojan.Win32.Sirefef      Trojan 3.25
GamePlayLabs      Browser Plug-in      2.72
Yontoo (v)  Adware (General)       2.51
BProtector  Misc (General)     2.48
Trojan.Win32.Generic.pak!cobra             Trojan  2.47
InstallBrain (fs) Misc (General)     1.76
Wajam Adware (General)       1.69
Wajam (fs)  Adware (General)       1.45
Trojan.Win32.Ramnit.c (v)         Trojan 1.19

About GFI Labs

GFI Labs specializes in the discovery and analysis of dangerous
vulnerabilities and malware. The team of dedicated security specialists
actively researches new malware outbreaks, creating new threat definitions on
a constant basis for the VIPRE home and business antivirus products.

About GFI
GFI Software provides web and mail security, archiving and fax, networking and
security software and hosted IT solutions for small to medium-sized businesses
(SMB) via an extensive global partner community. GFI products are available
either as on-premise solutions, in the cloud or as a hybrid of both delivery
models. With award-winning technology, a competitive pricing strategy, and a
strong focus on the unique requirements of SMBs, GFI satisfies the IT needs of
organizations on a global scale. The company has offices in the United States,
United Kingdom, Austria, Australia, Malta, Hong Kong, Philippines and Romania,
which together support hundreds of thousands of installations worldwide. GFI
is a channel-focused company with thousands of partners throughout the world
and is also a Microsoft Gold ISV Partner.

For more information:

GFI Software
Please email David Kelleher at
GFI - Malta: Tel: +356 2205 2000; Fax: +356 21382419

Davies Murphy Group
Please email Jason Gass at
GFI – US: Tel: +1-781-418-2439

Copyright © 2013 GFI Software. All rights reserved. All other trademarks are
the property of their respective owners. To the best of our knowledge, all
details were correct at the time of publishing; this information is subject to
change without notice.


Press spacebar to pause and continue. Press esc to stop.