Spam Campaigns Abound on Tumblr According to GFI Software
June 7, 2012
GFI Software today released its VIPRE® Report for May 2012, a collection of the 10 most prevalent threat detections encountered last month. In May, GFI threat researchers observed a number of attacks focused on Tumblr® users including two spam campaigns centered around a fake "Tumblr Dating Game" which lead to surveys, fake advertising spam asking for personally identifiable information in exchange for ad revenue generated by the victim's tumblelog, and a phishing site posing as the Tumblr login page. Cybercrime campaigns were also seen targeting Google PlayTM users searching for AndroidTM apps.
"Tumblr continues to be a site that is well-trafficked by cybercriminals looking to victimize micro-bloggers with minimal effort," said Christopher Boyd, senior threat researcher at GFI Software. "More and more, cybercriminals are exploiting the familiarity of terms and images in order to distract the victim from the dangers that are present as they sign away their personal information and click on links that lead to nothing but trouble."
Multiple rounds of spam were encountered on Tumblr during May which directed users to a phony dating site that included pop-up ads meant to generate cash for the spammers whenever a user unwittingly signed up. The fake dating site and the spam that directed users to it were rife with pop culture references including internet memes and an allusion to a slogan used by the British government during WWII which has become a popular catchphrase in recent years. These references were meant to fool potential victims into thinking the sites were legitimate and associated with internet content that they viewed as familiar.
Tumblr users were also targeted by a spam account which followed potential victims to gain their attention and redirected them to a fake Tumblr login page in order to steal the login information submitted by the user. Users who do not regularly sign out of their Tumblr accounts were less likely to notice that the phishing page was modeled after an outdated version of the Tumblr login screen. Finally, Tumblr users were confronted with a relatively new form of Tumblr spam called "Tumblr Tasks" that promised to provide users with a kit to monetize their tumblelog in exchange for filling out a form and paying a small fee. This campaign leveraged the fact that Tumblr's plans to advertise on the site have recently become a hot topic in the social media world.
Elsewhere, shoppers at Google Play looking for Android apps, e-books, movies and music files were faced with a large number of spam applications designed to lure users into installing them by exploiting the brand recognition of popular movie franchises, musicians, video games and stores. Each of the malicious apps spammed the victim's mobile device with surveys and advertising offers while failing to perform functions as advertised.
"Users can avoid an entire world of worry by simply checking the basic details when confronted with a link or offer from an unknown source. Cybercriminals are banking on the fact that social media users want to quickly share content and that they won't thoroughly investigate links before spreading them to friends," continued Boyd. "It is amazing how helpful little things can be when trying to keep yourself safe online. For example, holding the cursor over a link to check if it is directing you to the correct site, reviewing the basic details of an app before installing it on a mobile device or simply asking 'is this offer too good to be true' are basic yet impactful ways to identify and avoid becoming a victim of cybercrime."
Top 10 Threat Detections for May GFI's top 10 threat detection list is compiled from collected scan data of tens of thousands of GFI VIPRE Antivirus customers who are part of GFI's ThreatNet(TM) automated threat tracking system. ThreatNet statistics revealed that Trojans once again dominated the month, taking half of the top 10 spots.
Detection Type Percent Trojan.Win32.Generic Trojan 32.62 Trojan.Win32.Fakealert.cn (v) Trojan 3.36 GamePlayLabs Browser Plug-in 5.41 Yontoo Adware 2.39 Trojan.Win32.Sirefef.pq (v) Trojan 1.42 INF.Autorun (v) Trojan 1.18 GameVance Adware (General) 1.15 Trojan.Win32.Ramnit.c (v) Trojan 1.08 Worm.Win32.Downad.Gen (v) Worm.W32 0.96 Virus.Win32.Sality.at (v) Virus.W32 0.91