Welcome!

IoT User Interface Authors: Carmen Gonzalez, John Basso, Liz McMillan, Elizabeth White, Greg O'Connor

News Feed Item

GFI Software Uncovers Bogus Credit Card Notifications and Shipping Scams as Holiday Season Begins

Users also encountered malicious links in Twitter direct messages and a Trojan posing as a popular mobile application

CLEARWATER, Fla., Dec. 10, 2012 /PRNewswire/ -- GFI Software™ today released its VIPRE® Report for November 2012, a collection of the 10 most prevalent threat detections encountered last month. In November, GFI threat researchers encountered email threats disguised as notices from American Express®, DHL® and UPS® as the holiday season kicked into full gear, as well as a phony Twitter® Video application on Facebook and mobile malware disguised as the latest Angry Birds® game.

(Logo: http://photos.prnewswire.com/prnh/20121204/MM23629LOGO )

"One unfortunate reality about the holiday season is that while many people choose to spread good cheer, Internet users can also count on cybercriminals to spread malware. They prey on the stresses of last-minute gift buying, hoping to distract consumers from being cautious with their personal information online," said Christopher Boyd, senior threat researcher at GFI Software. "Cybercriminals have a large pool of potential victims at this time of year as more and more people flock to online shops to buy holiday gifts and ship them with their favorite package delivery company. No matter how crazy the season gets, users need to remember to practice the same good habits such as double checking the source of email messages and confirming the destination of links before clicking."

One cybercrime campaign delivered fake DHL Express delivery notifications to users' inboxes claiming that DHL was unable to make a delivery to the victims' addresses and that they needed to go to their local DHL office to present a postal receipt and claim the package. Users attempting to print their receipt were redirected to a number of websites leading to a phony antivirus program which infected users' machines, blocked other applications from running, caused pop-ups and redirected victims to messages designed to scare them into purchasing the fake antivirus software. Another international shipping company, UPS, also had its brand hijacked for a similar malware campaign.

American Express customers were targeted with malicious email campaigns designed to infect users' systems. One claimed that a money transfer had been aborted and contained a number of links to "review the billing statement" and "set alert preferences." If a user clicked any of these links, they were redirected to a malicious site and infected with Cridex if the Blackhole exploit kit housed there detected any unpatched vulnerabilities on their machine.

GFI found that users also continued to be at risk of falling for other familiar scams in November. Twitter users were the victim of malicious direct messages linking to a phishing page disguised as a "Twitter Video" application on Facebook. Users who clicked on the link and submitted their login credentials to the cybercriminals were also infected with a Trojan disguised as an Adobe® Flash® Player update. Elsewhere, Android™ users looking to try the new Angry Birds Star Wars® game without visiting the legitimate Google Play™ store may have also come across a fake version of the game that contained a Boxer Trojan. Users who installed the application had their phones hijacked to send premium SMS messages before being redirected to a legitimate download of the actual game.

Top 10 Threat Detections for November
GFI's top 10 threat detection list is compiled from collected scan data of tens of thousands of VIPRE Antivirus customers who are part of GFI's ThreatNet™ automated threat tracking system. ThreatNet statistics revealed that Trojans once again dominated the list taking half of the top ten spots.

Detection

Type

Percent

Trojan.Win32.Generic

Trojan

22.9

GamePlayLabs

Adware (General)

3.48

Yontoo  (v)

Adware (General)

2.49

Trojan.Win32.Sirefef

Trojan

2.85

Win32.Malware!Drop

Trojan

1.26

Wajam

Adware (General)

2.1

BProtector

Misc (General)

1.85

Trojan.Win32.Ramnit.c (v)

Trojan

1.15

INF.Autorun (v)

Trojan

1.10

Virus.Win32.Sality.at (v)

Virus.W32

1.04

About GFI Labs
GFI Labs specializes in the discovery and analysis of dangerous vulnerabilities and malware. The team of dedicated security specialists actively researches new malware outbreaks, creating new threat definitions on a constant basis for the VIPRE home and business antivirus products.

About GFI
GFI Software provides web and mail security, archiving and fax, networking and security software and hosted IT solutions for small to medium-sized businesses (SMB) via an extensive global partner community. GFI products are available either as on-premise solutions, in the cloud or as a hybrid of both delivery models. With award-winning technology, a competitive pricing strategy, and a strong focus on the unique requirements of SMBs, GFI satisfies the IT needs of organizations on a global scale. The company has offices in the United States, UK, Austria, Australia, Malta, Hong Kong, Philippines and Romania, which together support hundreds of thousands of installations worldwide. GFI is a channel-focused company with thousands of partners throughout the world and is also a Microsoft Gold ISV Partner.

For more information
GFI Software
Please email David Kelleher at [email protected]
GFI - Malta: Tel: +356 2205 2000; Fax: +356 21382419.
URL: http://www.gfi.com.

Davies Murphy Group
Please email Jason Gass at [email protected]
GFI – US: Tel: +1-781-418-2439

Disclaimer
Copyright © 2012 GFI Software. All rights reserved. All other trademarks are the property of their respective owners. To the best of our knowledge, all details were correct at the time of publishing; this information is subject to change without notice.

SOURCE GFI Software

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

@CloudExpo Stories
"Dice has been around for the last 20 years. We have been helping tech professionals find new jobs and career opportunities," explained Manish Dixit, VP of Product and Engineering at Dice, in this SYS-CON.tv interview at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
More and more brands have jumped on the IoT bandwagon. We have an excess of wearables – activity trackers, smartwatches, smart glasses and sneakers, and more that track seemingly endless datapoints. However, most consumers have no idea what “IoT” means. Creating more wearables that track data shouldn't be the aim of brands; delivering meaningful, tangible relevance to their users should be. We're in a period in which the IoT pendulum is still swinging. Initially, it swung toward "smart for smar...
Extracting business value from Internet of Things (IoT) data doesn’t happen overnight. There are several requirements that must be satisfied, including IoT device enablement, data analysis, real-time detection of complex events and automated orchestration of actions. Unfortunately, too many companies fall short in achieving their business goals by implementing incomplete solutions or not focusing on tangible use cases. In his general session at @ThingsExpo, Dave McCarthy, Director of Products...
Successful digital transformation requires new organizational competencies and capabilities. Research tells us that the biggest impediment to successful transformation is human; consequently, the biggest enabler is a properly skilled and empowered workforce. In the digital age, new individual and collective competencies are required. In his session at 19th Cloud Expo, Bob Newhouse, CEO and founder of Agilitiv, drew together recent research and lessons learned from emerging and established compa...
Without a clear strategy for cost control and an architecture designed with cloud services in mind, costs and operational performance can quickly get out of control. To avoid multiple architectural redesigns requires extensive thought and planning. Boundary (now part of BMC) launched a new public-facing multi-tenant high resolution monitoring service on Amazon AWS two years ago, facing challenges and learning best practices in the early days of the new service. In his session at 19th Cloud Exp...
"Venafi has a platform that allows you to manage, centralize and automate the complete life cycle of keys and certificates within the organization," explained Gina Osmond, Sr. Field Marketing Manager at Venafi, in this SYS-CON.tv interview at DevOps at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
Effectively SMBs and government programs must address compounded regulatory compliance requirements. The most recent are Controlled Unclassified Information and the EU's GDPR have Board Level implications. Managing sensitive data protection will likely result in acquisition criteria, demonstration requests and new requirements. Developers, as part of the pre-planning process and the associated supply chain, could benefit from updating their code libraries and design by incorporating changes. In...
"Coalfire is a cyber-risk, security and compliance assessment and advisory services firm. We do a lot of work with the cloud service provider community," explained Ryan McGowan, Vice President, Sales (West) at Coalfire Systems, Inc., in this SYS-CON.tv interview at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
Regulatory requirements exist to promote the controlled sharing of information, while protecting the privacy and/or security of the information. Regulations for each type of information have their own set of rules, policies, and guidelines. Cloud Service Providers (CSP) are faced with increasing demand for services at decreasing prices. Demonstrating and maintaining compliance with regulations is a nontrivial task and doing so against numerous sets of regulatory requirements can be daunting task...
CloudJumper, a Workspace as a Service (WaaS) platform innovator for agile business IT, has been recognized with the Customer Value Leadership Award for its nWorkSpace platform by Frost & Sullivan. The company was also featured in a new report(1) by the industry research firm titled, “Desktop-as-a-Service Buyer’s Guide, 2016,” which provides a comprehensive comparison of DaaS providers, including CloudJumper, Amazon, VMware, and Microsoft.
Businesses and business units of all sizes can benefit from cloud computing, but many don't want the cost, performance and security concerns of public cloud nor the complexity of building their own private clouds. Today, some cloud vendors are using artificial intelligence (AI) to simplify cloud deployment and management. In his session at 20th Cloud Expo, Ajay Gulati, Co-founder and CEO of ZeroStack, will discuss how AI can simplify cloud operations. He will cover the following topics: why clou...
Fact: storage performance problems have only gotten more complicated, as applications not only have become largely virtualized, but also have moved to cloud-based infrastructures. Storage performance in virtualized environments isn’t just about IOPS anymore. Instead, you need to guarantee performance for individual VMs, helping applications maintain performance as the number of VMs continues to go up in real time. In his session at Cloud Expo, Dhiraj Sehgal, Product and Marketing at Tintri, sha...
In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, provided an overview of the evolution of the Internet and the Database and the future of their combination – the Blockchain. Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life sett...
20th Cloud Expo, taking place June 6-8, 2017, at the Javits Center in New York City, NY, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy.
More and more companies are looking to microservices as an architectural pattern for breaking apart applications into more manageable pieces so that agile teams can deliver new features quicker and more effectively. What this pattern has done more than anything to date is spark organizational transformations, setting the foundation for future application development. In practice, however, there are a number of considerations to make that go beyond simply “build, ship, and run,” which changes how...
WebRTC is the future of browser-to-browser communications, and continues to make inroads into the traditional, difficult, plug-in web communications world. The 6th WebRTC Summit continues our tradition of delivering the latest and greatest presentations within the world of WebRTC. Topics include voice calling, video chat, P2P file sharing, and use cases that have already leveraged the power and convenience of WebRTC.
Amazon has gradually rolled out parts of its IoT offerings, but these are just the tip of the iceberg. In addition to optimizing their backend AWS offerings, Amazon is laying the ground work to be a major force in IoT - especially in the connected home and office. In his session at @ThingsExpo, Chris Kocher, founder and managing director of Grey Heron, explained how Amazon is extending its reach to become a major force in IoT by building on its dominant cloud IoT platform, its Dash Button strat...
Let’s face it, embracing new storage technologies, capabilities and upgrading to new hardware often adds complexity and increases costs. In his session at 18th Cloud Expo, Seth Oxenhorn, Vice President of Business Development & Alliances at FalconStor, discussed how a truly heterogeneous software-defined storage approach can add value to legacy platforms and heterogeneous environments. The result reduces complexity, significantly lowers cost, and provides IT organizations with improved efficienc...
Internet-of-Things discussions can end up either going down the consumer gadget rabbit hole or focused on the sort of data logging that industrial manufacturers have been doing forever. However, in fact, companies today are already using IoT data both to optimize their operational technology and to improve the experience of customer interactions in novel ways. In his session at @ThingsExpo, Gordon Haff, Red Hat Technology Evangelist, will share examples from a wide range of industries – includin...
"We build IoT infrastructure products - when you have to integrate different devices, different systems and cloud you have to build an application to do that but we eliminate the need to build an application. Our products can integrate any device, any system, any cloud regardless of protocol," explained Peter Jung, Chief Product Officer at Pulzze Systems, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.