The Latest Fortinet News
Product and Solution Information, Press Releases, Announcements
|Botnets Battle for First Place in Fortinet's November '09 Threatscape Report|
|Posted: Fri Dec 11, 2009 02:10:00 PM|
Fortinet - a leading network security provider and worldwide leader of unified threat management (UTM) solutions - today announced its November 2009 Threatscape report showed consistent highs in overall malware detected, marking the third month of significantly increased activity. Contributing to the high volume this period were new variants of Pushdo/Cutwail, which pushed the rampant Bredolab loader from last period's report out of mainstream in order to secure the number one and two positions in the top 10 malware list. Not far behind, ZBot and Scareware still remained active, borrowing popular and successful social engineering and spam tactics to gain ground. iPhone threats were also very active in November with four new attacks reported. Key highlights of the November Threatscape report include:
* Battle of the Bots - Look Who Prevails: Pushdo is back. Bredolab may have taken the fame and glory with high placement in the October top malware list, but it lost the botnet fight to Pushdo/Cutwail during this period, which accounted for 30 percent of total malware activity, nearly double of last month's Bredolab and Scareware daily records. The Pushdo botnet is commonly known to download the Cutwail Trojan, among other components, and uses simple trickery in the form of social engineering hooks and spam to lure in victims. Once downloaded, Cutwail mass mails new spam templates - pirated software and pharmacy spams - which like scareware, comes with an alluring profit margin due to affiliate programs.
* Spam Stirs up New Scams: Spam campaigns took on new forms this period, with ZBot driving high levels of activity for the second consecutive month and a new Trojan-seeding downloader, Sasfis, prevalent through at least three distinct spam campaigns. Ranking at number three and number 10 of the top malware list, Sasfis variants used the subjects 'payment request,' 'mailbox has been deactivated' and 'Facebook updated account agreement' to spam users with a .zip attachment that contains the Trojan. Multiple ZBot attacks were observed, each carrying distinct social engineering tactics: one used an H1N1 scare tactic to lure users to a web site serving ZBot, while another attached the malicious bot disguised as a balance-checking tool for Verizon Wireless. Combined with the prominence of Cutwail, November experienced a peak in spam activity.
* New Attacks to Keep You on your Toes: iPhone threats were in full force this period with four new attacks exploiting jailbroken iPhone devices: (1) malware targeted at Dutch-speaking iPhone users for ransom money, (2) a tool that steals SMS contacts (HackerTool/iPhoneStealer), (3) a worm that changes the background image and (4) another concerning worm that attempts to steal banking credentials (iPhoneOS/Eeki).
"For the last few months we've reported record highs in the overall volume of malware and daily attacks, with threat levels continuing to top that of the previous month. Botnets like Pushdo/Cutwail continue to evolve, placing emphasis on obfuscation and encryption. In addition, old tricks simply leverage new layers of complexity to further penetrate systems while cyber criminals test the waters by exploiting smart phones," said Derek Manky, project manager, cyber security and threat research, Fortinet. "We're seeing innovation at its scariest, as hackers remain committed to evolving their scams and developing new approaches. Enterprises must bring the same level of commitment to security - update software, employ valid intrusion prevention systems and layer security within and around the network - in order to guard against the new vulnerabilities and zero-day attacks that rise to the surface each month."
FortiGuard Labs compiled threat statistics and trends for November based on data collected from FortiGateŽ network security appliances and intelligence systems in production worldwide. Customers who use Fortinet's FortiGuard Subscription Services should already be protected against the threats outlined in this report.