Cyber-criminals kick off holiday season with malware, phish attacks

 

A computer security firm listed a fake antivirus software, fake emails from banks and Trojans among the top 10 threats in November leading to December.

 

"Staying vigilant online—especially during the holiday shopping season—is key to not falling victim to scams or infecting a PC by clicking on malicious links or files,”  GFI Labs senior threat researcher Christopher Boyd said on the GFI website.

 

When in doubt, Boyd said, users should "take a page from Santa’s playbook by ‘checking it twice.’"

 

"Never open attachments or provide information in response to unsolicited emails, and always remember that a bank will never ask for sensitive information via email,” he said.

 

The top 10 threats in November were:

 

1. Trojan.Win32.Generic (Trojan), 35.96 percent

2. Yontoo (virus) Adware, 1.81 percent

3. INF.Autorun (virus) Trojan, 1.36 percent

4. Worm.Win32.Downad.Gen (virus), 1.04 percent

5. Trojan.Win32.Adware, 0.96 percent

6. FraudTool.Win32.FakeRean (Rogue Security Program), 0.96 percent

7. Trojan.Win32.Ramnit.c, 0.94 percent

8. Virus.Win32.Sality.at, 0.86 percent

9. Trojan.Win32.jpgiframe, 0.84 percent

10. Exploit.PDF-JS.Gen, 0.82 percent

 

GFI noted that in the days leading up to Thanksgiving in the United States, there was an increase in bank-related phishing.

 

Users received emails claiming to originate from SunTrust Bank and Bank of America.

 

"Both scams were unique in that they contained an HTML attachment which was actually a form asking for banking login information and even driver’s license numbers," it said.

 

Also, PDF-based malware made a return in November claiming to be from the US Postal Service, informing them that they have a package that cannot be delivered due to insufficient address information.

 

The attached PDF appears to be a shipping label which users are instructed to print. But the PDF is a variant of FakeSysDef, a rogue malware, is installed.

 

Even people with limited financial resources were targets as a fraudulent food stamps website was set up to misappropriate the cell phone numbers of those supported by the program.

 

Thinking they were responding to an official request from the government, victims provided their cell phone numbers, which were automatically enrolled in a premium SMS service that placed unauthorized and unwanted charges on their phone bills. — LBG, GMA News