Skip to content

November 6, 2010

Trojans and SEO Issues Hit this Halloween

GFI Software, a leading IT solutions provider for small and medium-sized enterprises, today revealed continuing high levels of Trojan and rogue malware circulating during October, with the landscape further complicated by a variety of Halloween-related scams, threats and exploits, many of which have implications for SEO companies. The findings stem from the calculation of the top 10 most prevalent malware threats for the month of October 2010, which are compiled from monthly scans performed by GFI’s award-winning anti-malware solution, VIPRE Antivirus, and its antispyware tool, CounterSpy, as a service of GFI Labs™.

“In light of the significant on-going threats facing users, particularly from intensive botnet activity, we are maintaining an elevated threat level on our Worldwide Threat Level indicator”

In another month dominated by Trojans – ThreatNet data revealed that seven of the top 10 malware threats were classified as Trojans – users have been hit hard by the growing use of botnet networks to spread malware, circulate spam mail and commit fraud through the selling of fake antivirus software. This trend was highlighted last week with the high-profile news that Dutch authorities had taken down the Bredolab botnet. While this may cause a drop in malicious spam in the near term, there are several other botnets of which to be wary.

In addition to botnets, SEO poisoning was used extensively in October to trick innocent users into following rogue search results promising, among other things, Halloween activities and party tips, but in fact delivering the user to infected websites pushing fake antivirus and other malware. GFI issued a warning last week before Halloween. The alert highlighted common threats that typically surface in the days leading up to October 31, including SEO poisoning threats similar to the use of the string “printable Jack-O-Lantern stencil” that emerged this year. SEO companies need to be aware of this threat.

“We are just weeks away from several major holidays, including Thanksgiving, Christmas and New Year, and we expect corporate and consumer PC users to let their guard down when they browse the web. Halloween was once again targeted by the criminals and malcode writers and we’ve already seen first-hand what can happen when users set aside common sense in their searches of topical information and fun web sites,” said Tom Kelchner, communications and research analyst for GFI Software.

“The malware trends we’ve seen in the past month illustrate just how easy it is to hijack a fun public holiday and leave innocent people with
a very nasty present – a PC or network infected with a virus. The last month has also brought with it a variety of application vulnerabilities
exploited by malicious code, including one in Adobe Acrobat.”

Exploit.PDF-JS.Gen (v), number nine on this month’s top 10, takes advantage of a vulnerability in an out-of-date version of Adobe Reader
and Acrobat and can use JavaScript to load downloaders that install rogue antivirus software or a variety of other malicious code. GFI
advises users to make sure Adobe Reader or Acrobat install is updated to the most recent version, 9.4.

“In light of the significant on-going threats facing users, particularly from intensive botnet activity, we are maintaining an elevated
threat level on our Worldwide Threat Level indicator,” Kelchner added.

ThreatNet is GFI Lab’s monitoring system that retrieves real-time data from VIPRE installations. Statistics come from tens of thousands of
machines running VIPRE. Here is more information for top SEO companies.

Top 10 detections for October







Trojan.Win32.Generic!BT       Trojan       21.7
Trojan.Win32.Generic!SB.0       Trojan       4.1
Trojan-Spy.Win32.Zbot.gen       Trojan       4.1


      Trojan       3.47
INF.Autorun (v)       Trojan       2.21
Worm.Win32.Downad.Gen (v)       Worm.W32       2.1
Trojan.JS.Generic (v)       Trojan       0.8
Trojan.Win32.Malware.a       Trojan       0.77
Exploit.PDF-JS.Gen (v)       Exploit       0.74
Trojan.ASF.Wimad (v)       Trojan       0.74
Read more from SEO Company News

Comments are closed.