Security solutions provider GFI Software released the VIPRE Report for March 2012 to highlight the most popular cybercriminal operations and the pieces of malware they rely on to ensure success.
One of the first observations made by GFI experts is that fraudsters still leverage popular brand names to spread malicious elements and steal sensitive data from users.
“Taking advantage of the notoriety of companies, celebrities and major events is a tactic cybercriminals continue to use because it works,” Christopher Boyd, senior threat researcher at GFI Software, revealed.
“They know that Internet users are bombarded with countless emails every day, and these scammers prey on our curiosity and our reflex-like tendency to click on links and open emails that look like they're coming from a company we know and trust.”
One of the most interesting threats detected in March cleverly masqueraded as a Google antivirus which directed users to download a piece of fake antivirus program.
The Google Pharmacy scams that were spotted got through spam filters in a clever way. They used a single image that represented the body of the email, instead of pieces of text that might have been identified as being malevolent by anti-spam engines.
BlackHole was prevalent in most of the operations, with both fake LinkedIn invitations and notifications pretending to come from the US Securities and Exchange Commission leading to sites that hosted the exploit kit. Java exploits were served to users who wanted to earn free Skype Credit.
During the month that passed, the most utilized piece of malware was Trojan.Win32.Generic (30%), followed at a distance by the malicious GamePlayLabs browser plugin (4.5%).
The top 10 of threat detections for March is completed by the Yontoo adware, the ever-present Inf.Autorun, Ramnit, the Downad.Gen worm, Sality, ZeuS, the PDF-JS.Gen exploit and the iBryte piece of adware.