Users were targeted with a variety of infected email, web links and other delivery mechanisms promising festive information, discount offers, Christmas e-cards and free software. The month also saw the big movie release of the season, Disney’s TRON Legacy, targeted by a wide array of SEO-poisoned links, unwanted installs and other malware fakery. A spate of fake iTunes emails also caught several people off-guard, resulting in users running afoul of a malicious script that took advantage of a known Java exploit. GFI researchers also uncovered an Amazon receipt generator scam aimed at fooling retailers into honoring fraudulent receipts during the busy holiday shopping season.
December once again saw significant activity from Trojan threats, which continue to dominate the overall malware landscape. Seven of the top 10 malware detections were Trojans, with those seven accounting for almost 35% of all malware detections for the month. In addition to a range of Trojans, worms also created major problems during December. Most significant was Worm.Win32.Downad.Gen (v), appearing at number seven in December's top 10, a detection for the Downadup worm, otherwise known as Conficker and Kido.
Taking advantage of a vulnerability in the Windows Server service that allows remote code execution when file sharing is enabled, the worm spreads across networks as well as removable drives, exploiting weak administrator passwords along the way. It commonly turns off some system services and anti-malcode protection, exposing infected systems to additional infection from other malware.
“Following on from the increased themed threat traffic we saw in November around Thanksgiving, Black Friday and Cyber Monday, criminals once again attempted to take advantage of Christmas and the holiday season with themed attacks designed to drive users towards infected sites and to trick them into opening infected email and executables. Themed attacks, along with themed SEO poisoning and fake application installs, are firmly established as a successful means for malware creators to distribute malcode and create disruption for organizations and families alike,” said Tom Kelchner, communications and research analyst for GFI Software.
“December is a challenging month for computing security, with many businesses shut for a prolonged period and consumers at home for the holidays. Casual computer use rises and vigilance can drop, creating opportunities for malware infection that would otherwise not happen the rest of the year. The top 10 serves as a stark reminder that IT security should not be taken for granted at any time,” Kelchner added.
The problem of fake software was highlighted by FraudTool.Win32.FakeVimes!delf (v), number nine on this month’s top 10. This is a heuristic detection for files associated with the FakeVimes family of rogue security products, illustrating the continued growth of fake and compromised security applications as a means to circulate and covertly install malware onto PCs.
ThreatNet is GFI Lab’s monitoring system that retrieves real-time data from VIPRE installations. Statistics come from tens of thousands of machines running VIPRE.
Top 10 detections for December
|Exploit.PDF-JS.Gen (v)||PDF Exploit||1.79|
|FraudTool.Win32.FakeVimes!delf (v)||Fake App||0.73|