Hackers use SEO poisoning Halloween tricks to lure PC users

Article

Hackers use SEO poisoning Halloween tricks to lure PC users

Ron Condon, UK Bureau Chief

Topical references to Halloween were used by hackers to trick PC users into downloading Trojans and malware, according to the latest figures from GFI Software.

During October, the company reported high levels of Trojan and rogue antivirus software, with hackers using Halloween-based spam and SEO poisoning as prime delivery methods.

Seven of the top 10 malware threats discovered by GFI Labs' ThreatNet service were classified as Trojans, delivered either through botnets, or by the use of SEO poisoning, exploiting a rise in Internet searches for Halloween-related activities. In this way, users may have been lured into clicking on search results that took them to infected websites pushing fake antivirus software and other malware.

Top 5 detections for October
Trojan.Win32.Generic!  21.7%

Trojan.Win32.Generic!SB.0    4.1%

Trojan-Spy.Win32.Zbot.gen    4.1%

Trojan.Win32.Generic.pak!cobra  3.47%

INF.Autorun (v) 2.21%

    Requires Free Membership to View

    Login

    SearchSecurity.co.UK members gain immediate and unlimited access to breaking UK industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.co.UK today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.co.uk you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.co.uk is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

"The malware trends we've seen in the past month illustrate just how easy it is to hijack a fun public holiday and leave innocent people with a very nasty present -- a PC or network infected with a virus," said Tom Kelchner, communications and research analyst for GFI Software, in a statement. "The last month has also brought with it a variety of application vulnerabilities exploited by malicious code, including one in Adobe Acrobat."

Number nine on the Top 10 list is Exploit.PDF-JS.Gen (v), which takes advantage of a vulnerability in an out-of-date version of Adobe Reader and Acrobat. It uses JavaScript to introduce downloaders that install rogue antivirus software or some other malicious code. To avoid it, Adobe Reader or Acrobat need to be updated to the most recent version, 9.4, said GFI.

GFI's ThreatNet gathers information through tens of thousands of users of the VIPRE and CounterSpy antimalware products, which GFI acquired when it bought Sunbelt Software in July 2010.


Back to top