Cyber-criminals have been busy in the days after Christmas, targeting users with new gadgets and computers with phishing and malware campaigns.
Malware infections spiked 25 percent on the day after Christmas, according to data released by SpywareRemove.com, a site that tracks malware infections by visits to its site. There was a small jump, about 4 percent, between Dec. 24 and Dec. 25, and a 25 percent spike between Dec. 25 and Dec. 26, according to the site.
“The bad guys know there is fresh blood out there and they do their best to infect and destroy,” said Alvin Estevez, editor of SpywareRemove.com and CEO of Enigma Software, suggesting that many of the infected machines were new systems users had received for the holidays.
There was a high number of rogue anti-spyware and fake antivirus activity during this time period, according to SpywareRemove.com, with five scareware programs accounting for more than 35 percent of the infections reported by the site. The fake tools had names such as “Win 7 Security 2012,” “Vista Security 2012,” “XP Security 2012,” “XP Antivirus 2012” and “Win 7 Anti Virus 2012.”
“We saw a lot of rogues having a field day on Christmas Day and the day after,” Estevez said.
Mac security-software company Intego reported a “vast phishing attack” targeting Apple customers that emerged “on or around” Christmas day. The phishing email attempted to trick Apple customers into clicking on a link in order to update the billing information on their accounts because it was “out of date,” Intego said in its Mac Security blog.
The fake messages were sent with the subject “Apple update your Billing Information” and appeared to come from email@example.com. The link in the email appeared to be leading to store.apple.com, but actually pointed to a numeric IP address that was not part of Apple’s network.
Users who clicked on the forged link were directed to a page that looks nearly identical to the real sign-in page and encouraged to enter their Apple ID and password, according to Intego. Users were then asked to update the account profile, as well as the credit card information. The phishing page looks very realistic as many of the elements on the page were taken from Apple’s official pages, Intego said. The malicious email was also well-written and grammatically correct, which is unusual for these kinds of scams.
“These well-crafted emails could fool many new Apple users, especially those who may have found an iPhone, iPod or iMac under their Christmas tree, and set up accounts with the iTunes Store or the Mac App Store for the first time,” Intego wrote on the blog.
There have been several “aggressive” phishing attacks targeting .mil email accounts this month, according the United States Army. In one campaign, criminals sent an email with the subject line “Deposit Posted,” and pretending to be sent by the United Services Automobile Association, a financial services company for veterans, military personnel and their families.
The email itself did not have any links, but contained a file infected by the Zeus Trojan which would compromise user computers when it was opened. Other attacks targeted military installations and defense facilities by sending personnel official-looking emails appearing to come from senior officers. The messages contained instructions to download and install some kind of software as part of a “critical security measure,” according to an article on the U.S. Army Website.
Researchers at Dell SecureWorks had noted an “uptick” in phishing scams referencing problems with shipping orders or recent purchases and cancelled deposit slips during the holiday season.