The latest VIPRE threat report from GFI Labs found March 2012 saw a further increase in attacks on social media sites and popular brands and products. These not only included popular targets such as Facebook and Twitter, but were further extended to include Google, LinkedIn and Skype. The release of video game Mass Effect 3 also saw cybercriminals taking advantage of the game's popularity, with a surge of fake download links appearing which direct victims to fake surveys and other marketing scams.
LinkedIn users saw a huge increase in fake invitations, which redirects users to a site infected with a Blackhole exploit and downloads the Cridex trojan. The malware is not easy to detect and according to M86 Security Labs is only picked up by 10 out of 43 anti-virus products. Once Cridex has infected a machine it will repeatedly attempt to contact a C&C server whilst it collects data, including email credentials, passwords and other data, as well as screenshots of visited websites. It's thought the trojan was developed to steal banking information and the screenshots are being used to create phoney bank login pages.
Skype also came under attack in March; crooks targeted users by sending false spam which claimed to give Skype credit to those who followed a link. However, users were instead directed to a compromised site which was infected with malicious Java exploits.
Google was the ‘hook' for a couple of scams, a SEO poisoning attack, which told searchers that Google systems had detected malware on their machine and led them to download a fake anti-virus package. In the second attack, a wave of spam claimed to make announcements for "Google Pharmacy”; users who followed the link ended up at notorious spam site Pharmacy Express, which has been linked to spam attacks since 2004.
It's no surprise that these companies have become such a big target for spammers, scammers and worse. Social engineering on sites such as Facebook has been on the rise for some time, as users continue to fall for scams which take advantage of the notoriety of large sites and celebrity status.
Celebrity stories are often used to spread spam and tempt social media users into clicking on a story which often has a hidden layer of code overlaying the main image. These generally lead to survey scams, in which users unwittingly sign up to premium rate services, or malicious websites.
According to Christopher Boyd, senior threat researcher at GFI, the continued rise in this kind of attack is down to the fact that it works and continues to be a good money-spinner for cybercriminals.
"They know that Internet users are bombarded with countless emails every day, and these scammers prey on our curiosity and our reflex-like tendency to click on links and open emails that look like they're coming from a company we know and trust,” Boyd commented.
"If something seems off, users should trust their instincts and investigate further,” he continued.
"The important thing for everyone to remember is that the Internet provides us with the ability to easily double check every link or attachment that we come across with a simple web search. Pay attention to details such as link URLs, and scrutinize where they are directing you if there is any doubt. This may sound like common sense, but having this mindset can often be the difference between avoiding a stressful attack and losing valuable time, money and personal information.”