Cyber criminals target Tumblr users

A new report reveals that cyber criminal attacks focused heavily on Tumblr and Google Play users last month.

The report from GFI Software details the 10 most prevalent threat detections in the month of May.

Its threat researchers observed a spam campaign directing Tumblr users to a fake dating site that included pop-up ads meant to generate cash for the spammers whenever a user unwittingly signed up.

The site asked users for personally identifiable information in exchange for ad revenue generated by the victim’s tumblelog.

According to GFI, the site was "rife" with pop culture references designed to "fool potentatial victims into thinking the sites were legitimate and associated with internet content that they viewed as familiar".

A second spam campaign involved a phishing site posing as the Tumblr login page in order to steal the login information submitted by the user.

GFI said that users who do not regularly sign out of their Tumblr accounts were less likely to
notice that the phishing page was modelled after an outdated version of the Tumblr login screen.

Another form of Tumblr spam called “Tumblr Tasks” promised to provide users with a kit to monetise their tumblelog in exchange for filling out a form and paying a small fee.

“Tumblr continues to be a site that is well-trafficked by cybercriminals looking to victimise micro-bloggers with minimal effort,” said Christopher Boyd, senior threat researcher at GFI Software.

“More and more, cybercriminals are exploiting the familiarity of terms and images in order
to distract the victim from the dangers that are present as they sign away their personal information and click on links that lead to nothing but trouble.”

Google Play users who searched for Android apps, e-books, movies and music files were also targeted by cybercrime campaigns.

Users were presented with spam applications that took on the appearance of familiar brands and franchises but once installed spammed the victim's mobile device with surveys and advertising offers and failed to perform the functions that had been advertised.

“Users can avoid an entire world of worry by simply checking the basic details when confronted with a link or offer from an unknown source," said Boyd.

"Cybercriminals are banking on the fact that social media users want to quickly share content and that they won’t thoroughly investigate links before spreading them to friends.

“It is amazing how helpful little things can be when trying to keep yourself safe online. For example, holding the cursor over a link to check if it is directing you to the correct site, reviewing the basic details of an app before installing it on a mobile device or simply asking ‘is this offer too good to be true’ are basic yet impactful ways to identify and avoid becoming a victim of
cybercrime.”

Top 10 Threat Detections for May

GFI’s top 10 threat detection list is compiled from collected scan data of tens of thousands of GFI VIPRE Antivirus customers who are part of GFI’s ThreatNet automated threat tracking system. ThreatNet statistics revealed that Trojans once again dominated the month, taking half of the top 10 spots.

Detection Type Per cent
Trojan.Win32.Generic-----------------------Trojan--------------------- 32.62
Trojan.Win32.Fakealert.cn (v)-------------Trojan--------------------- 3.36
GamePlayLabs--------------------------------Browser Plug-in--------- 5.41
Yontoo-------------------------------------------Adware-------------------- 2.39

Trojan.Win32.Sirefef.pq (v)----------------Trojan---------------------- 1.42
INF.Autorun (v) -------------------------------Trojan --------------------- 1.18
GameVance------------------------------------Adware (General)------- 1.15
Trojan.Win32.Ramnit.c (v)------------------Trojan --------------------- 1.08
Worm.Win32.Downad.Gen (v)-------------Worm.W32 -------------- 0.96
Virus.Win32.Sality.at (v)---------------------Virus.W32 ---------------- 0.91