Shortened URLs direct users to infected sites

During the month, Kaspersky Lab says that the top trends on Twitter's main page included a number of entries with links that had been shortened and which, after several redirects, eventually led to infected websites.

Interestingly, Infosecurity notes that the monthly report also revealed two fake anti-virus programmes made it into December's Top 20 malicious programmes detected on the internet in 18th and 20th places.

Kaspersky says that genuine anti-virus programmes are now so effective at detecting their fake counterparts when they attempt to download to users' PCs that the cyber-criminals have moved their wares to the internet instead.

In the latter scenario, Kaspersky Lab notes that these rogue programmes do not need to be downloaded to a computer; users just need to be lured to a fake anti-virus website, which is a lot easier than by-passing real anti-virus protection.

Also during the month, researchers found representatives of the trojan-downloader.java.OpenConnection family remain extremely active.

Instead of using vulnerabilities in a Java virtual machine, these trojans employ the OpenConnection method of a URL class, something which the IT security vendor says is a standard functionality of the Java programming language.

Topping the list of web-based threats, well ahead of its nearest rival, was the adware programme AdWare.Win32.HotBar.dh. As a rule, this programme is installed along with legitimate applications and then annoys the user by displaying intrusive advertising, says Kaspersky Lab.

For the first time ever, meanwhile, the report notes that a malicious PDF file that makes use of Adobe XML Forms has made it into the Top 20 online threats.

When a victim opens the file Exploit.Win32.Pidief.ddl, a script exploit is launched that downloads and runs another malicious program from the internet.

Exploit.Win32.Pidief.ddl occupied 11th place in December’s rating of threats emanating from the net.

What’s Hot on Infosecurity Magazine?