SEO Poisoning, Faux Antivirus Software Top Malware Threats in April

The volume of malware continued to increase in April as online scammers and malware distributors took advantage of major events according to security experts. Fake antivirus software and poisoned image search links were particularly prevalent in April.

There were over 73,000 new variants of malware released daily in April, a 26 percent increase over April 2010, GFI Software found in its monthly analysis released May 16. Cyber-criminals exploited several high-profile events, including the UK Royal Wedding of Prince William and Kate Middleton, the Easter holiday, the anniversary of Yuri Gagarin becoming the first man in space and the release of President Barack Obama’s birth certificate.

Seven of the top 10 malware threats were Trojans, according to GFI’s top 10 malware list for the month. Trojan.Win32.Generic!BT, a generic malware classification that encompasses a variety of Trojans, continued to be the biggest threat, accounting for over 20 percent of total malware detected. The Zeus/Spyeye Trojan and fake antivirus were also part of the top 10.

A Trojan exploiting Autorun on Windows PCs continued to make the rounds in April. Microsoft noted in its recent Security Intelligence Report, report that autorun worms don’t affect Windows 7 systems, but unpatched versions of Windows XP remained vulnerable. Microsoft also noted the rise of fake security scareware in its report.

Attackers aggressively pushed fake antivirus software to victims in April, GFI Software found. Users were directed to malicious Web sites that purported to contain exclusive content, such as videos and images. Once users were tricked into downloading and installing fake software, the rogue security program claimed to find malware and demanded users upgrade to remove the threats.

Malware writers use techniques that alter the rogue executable to continuously create new variants within the scareware family, according to Sophos. One such family, called the “Security Tool,” produces a different executable nearly every minute, so users hitting the malicious site repeatedly wind up downloading a different sample each time. Many of the fake antirivus programs are essentially the same product but skinned differently and have names that sound similar to legitimate tools, such as “Internet Security 2010,” “XP Defender” and “Malware Defense.”

While fake antivirus scams for Windows PCs are common, April also saw one masquerading as an antivirus for the Mac OS X called MACDefender.

For more, read the eWEEK article: Fake AV, SEO Poisoning Top Malware Threats in April.