GFI Software today announced the top 10 most prevalent threat detections for July 2011. Highlights included a malware-laden “autowhaler” application unleashed to infect cybercriminals stealing from phishers, while a fresh take on rogue antivirus offers up a fake codec suite for sale after it disables users’ video players.
“The fake autowhaler, rogue codec suite and other threats we uncovered in July underscore the growing sophistication and creativity of malware authors, and the continued evolution of cybercrime tactics,” said Christopher Boyd, senior threat researcher, GFI Software. “The autowhaler is especially telling because it demonstrates that even cybercriminals are not safe from infection on the Internet. If you are online, you are a target. Users need to remain vigilant because malware writers are constantly finding new ways to camouflage their scams.”
The exploitation of high-profile news, events and products through SEO poisoning, malicious URLs and spam attacks remains a popular disguise. For example, GFI investigated malware masquerading as the popular and widely adopted Skype© communications service and Adobe® Flash® Player browser plug-in. GFI also reported on how spam and malware can compromise users visiting legitimate websites like SourceForge, where a number of pages had been linking to a site distributing the rogue antivirus FakeRean.
Internet users should continue to be wary of any unsolicited pop-ups, emails, texts or messages delivered via social networking sites asking them to submit personal information or alerting them to problems with their PCs. If there is any doubt as to where a message originates or what information it requests—even if it looks legitimate—Boyd suggests that users not respond or click on any links.
“If you do get a message that appears to be from a bank, retailer or vendor you do business with, but they are asking for personal information, passwords or account numbers, don’t respond,” added Boyd. “If it’s something that users feel requires a response or further investigation, they should contact the purported sender through a known and trusted phone number to verify if the request is legitimate.”
This month, GFI warns users to be cautious of likely search term targets for scammers, such as team and player news for the upcoming NFL season and rumors surrounding the next iPhone. Users should tread lightly and avoid downloading anything unless it is from a verified source. GFI Software also advises users to frequently check that their antivirus software is up to date. For users who become infected with rogue antivirus, the company tracks the latest variants on its Malware Protection Center blog. There, users can find more information, screen shots and removal tips.
Top 10 Threat Detections for July
GFI’s top 10 threat detection list is compiled from collected scan data of tens of thousands of GFI VIPRE® Antivirus customers who are part of GFI’s ThreatNet™ automated threat tracking system. ThreatNet statistics revealed that half of the top 10 threat detections found during July 2011 continue to be Trojans, mostly detected in generic form.
Detection | Type | Percent
Trojan.Win32.Generic | Trojan | 27.77
INF.Autorun (v) | Trojan | 1.43
Trojan.Win32.Adware | Adware | 1.42
Trojan.Win32.Jpgiframe (v) | Trojan | 1.24
Trojan.JS.Redirector.cd (v) | Trojan | 1.18
Exploit.PDF-JS.Gen (v) | Exploit | 1.15
Worm.Win32.Downad.Gen (v) | Worm.W32 | 1.15
Yontoo (v) | Adware | 1.12
Pinball Corporation. (v) | Adware | 1.01
Trojan-Spy.Win32.Zbot.gen | Trojan | 0.94
About GFI Labs
GFI Labs specializes in the discovery and analysis of dangerous vulnerabilities and malware that could be exploited for Internet and email attacks. The research team actively researches new malware outbreaks, creating and testing new threat definitions on a constant basis.
About GFI
GFI Software provides web and mail security, archiving, backup and fax, networking and security software and hosted IT solutions for small to medium-sized businesses (SMBs) via an extensive global partner community. GFI products are available either as on-premise solutions, in the cloud or as a hybrid of both delivery models. With award-winning technology, a competitive pricing strategy, and a strong focus on the unique requirements of SMBs, GFI satisfies the IT needs of organisations on a global scale. The company has offices in the United States, United Kingdom, Austria, Australia, Malta, Hong Kong, Philippines and Romania, which together support hundreds of thousands of installations worldwide. GFI is a channel-focused company with thousands of partners throughout the world and is also a Microsoft Gold Certified Partner.
