The Latest Fortinet News
Product and Solution Information, Press Releases, Announcements
|Fortinet®’s FortiGuard Threat Landscape Research Team Reports Four Samples of Money Making Malware to Watch for in 2013|
|Posted: Mon Feb 04, 2013 02:43:08 PM|
Team Also Identifies an Increase in Mobile Advertising Malware Toolkits and in Hacktivist Web Server Vulnerability Scanning.
SUNNYVALE, Calif., February 04, 2013 ? Fortinet® (NASDAQ: FTNT) ? a world leader in high-performance network security – today announced the findings of its FortiGuard threat landscape research for the period of October 1 ? December 31, 2012. FortiGuard® Labs has highlighted malware samples that show four typical methods cyber criminals are using today to extract money from their victims. In addition, the report shows increasing activity in mobile malware variants of the Android Plankton ad kit as well as in hacktivist Web server vulnerability scanning.
Four Money Making Malware to Watch for in 2013
In the last three months, FortiGuard Labs has identified four pieces of malware that spiked, showing high levels of activity within a very short period of time (from a day to a week). The following examples reflect four typical methods cyber criminals are using today to monetize their malware:
"While methods of monetizing malware have evolved over the years, cybercriminals today seem to be more open and confrontational in their demands for money ? for faster returns,” said Guillaume Lovet, senior manager of FortiGuard Labs' Threat Response Team. “Now it's not just about silently swiping passwords, it's also about bullying infected users into paying. The basic steps users can take to protect themselves, however, have not changed. They should continue to have security solutions installed on their computers, update their software diligently with the latest versions and patches, run regular scans and exercise common sense."
Android Mobile Advertising Malware
In the last threat landscape report, FortiGuard Labs detected a surge in the distribution of the Android Plankton ad kit. This particular piece of malware embeds a common toolset on a user’s android device that serves unwanted advertisements in the user’s status bar, tracks the user’s International Mobile Equipment Identity (IMEI) number and drops icons on the device’s desktop.
In the last three months, the kit’s activity plunged. In its place, FortiGuard Labs has detected the rise of ad kits that appear to be directly inspired by Plankton and have approached the same elevated activity level Plankton was operating at three months ago.
"The ad kits we’ve monitored suggest that Plankton's authors are trying to dodge detection. Either that, or competing ad kit developers are trying to take a piece of the lucrative adware cake. Either way, the level of activity we’re seeing with ad kits today suggests that Android users are highly targeted and thus should be especially vigilant when downloading apps to their smartphones," said Lovet.
Users can protect themselves by paying close attention to the rights asked by an application at the point of installation. It is also recommended to download mobile applications that have been highly rated and reviewed.
Hacktivist Scanning Tool Goes Into Overdrive
In the third quarter of 2012, FortiGuard Labs detected high activity levels of ZmEu, a tool that was developed by Romanian hackers to scan Web servers running vulnerable versions of the mySQL administration software (phpMyAdmin) in order to take control of those servers. Since September, the activity level has risen a full nine times before finally levelling off in December.
"This activity spike suggests a heightened interest by hacktivist groups to facilitate various protests and activist movements around the world. We expect such scanning activity to remain high as hacktivists pursue an ever-increasing number of causes and publicise their successes," Lovet continued.
To secure Web servers against this threat, FortiGuard Labs recommends updating to the latest version of PhPMyAdmin.
Visit the Fortinet FortiGuard Researchers at RSA
Fortinet will be participating at the upcoming RSA security conference, which is taking place February 25 – March 1 at San Francisco’s Moscone Center. Stop by booth #2025, meet the members of the FortiGuard research team, see a demonstration of the lab’s latest threat intelligence services and receive a free USB wristband.