Related Links

Top 5 Stories


December VIPRE Report suggests that old phishing tactics are best

10 January 2012

GFI, provider of the VIPRE anti-malware product, is warning that phishing is and will increasingly be one of the internet’s most prevalent security threats. This is revealed by its internal analysis of December threat statistics.

“The threats we uncovered last month”, explains GFI senior threat researcher Christopher Boyd, “illustrate the consistent reuse of tried-and-true attack methods slightly modified to target new groups of potential victims. Most cyber-attacks at any given time rely on old techniques deployed with a new disguise. The reason we see them again and again is quite simply because they work, and we anticipate 2012 to bring many fresh takes on old scams.”

One example of this new use of old tricks approach has been highlighted by David Harley. He describes a new Spanish lottery Nigerian scam written in Gaelic. GFI has also seen several new variants of fake anti-virus systems – scareware – that falsely warn users of non-existent malware infections. Scareware has been one of the most common threats for the last two years.

The GFI report notes that bank oriented phishing remains a consistent threat (see, for example, the FBI’s warning about the new Gameover Zeus variant). GFI also highlights the growing use of the Blackhole exploit kit by criminals. Amazon users are currently being tricked into visiting fake sites hosting Blackhole. This then takes advantage of any unpatched Windows operating systems. It downloads an infected PDF file that exploits a vulnerability in Adobe Reader to install further malware on the victim’s PC.

The solution, says Boyd, is user awareness to avoid the social engineering that lies at the base of most infections. “Knowing how cybercriminals operate and understanding how to recognize common attacks are the first steps toward keeping your PC clean and your personal information safe.”

This article is featured in:
Internet and Network Security  •  Malware and Hardware Security


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×