Fortinet: Botnets Battle For Digital Real EstateFortinet: Botnets Battle For Digital Real Estate
Gumblar and Sasfis continue to gain momentum
May 3, 2010
SUNNYVALE, Calif., May 3, 2010 - Fortinet' (NASDAQ: FTNT) - a leading network security provider and worldwide leader of unified threat management (UTM) solutions – today announced its April 2010 Threatscape report showed high activity from multiple botnets, namely Gumblar and Sasfis. While Gumblar remained in the No. 1 position in Fortinet’s Top 10 Network Attacks list, the Sasfis botnet ranking was bolstered by two of its executables prevalent in Fortinet’s Antivirus Top 10 listing. Like Bredolab, Sasfis is a botnet loader that reports statistics and retrieves/executes files upon check-in. However, Sasfis differs since it is newer and does not employ encryption (all communications are sent through HTTP unencrypted). Nonetheless, Sasfis continues to spread aggressively and typically loads banking trojans among other malicious files.
Additional key threat activities for the month of April include:
Microsoft Vulnerabilities: The Internet Explorer vulnerability MS.IE.Userdata.Behavior.Code.Execution (CVE-2010-0806) was the second-most detected malicious network activity for the second report in a row. While in its zero-day state, Fortinet observed an attack on this vulnerability that installed the infamous Gh0st RAT spy-trojan, a fully-functioning remote administration tool that also streams Webcam video and audio feeds. Secondly, FortiGuard Labs also discovered two memory corruption vulnerabilities in Microsoft Office Visio that allow a remote attacker to compromise a system through a malicious document. The vulnerabilities are triggered when opening and rendering a Visio file. A remote attacker could craft a malicious document that exploits either one of these vulnerabilities, allowing them to compromise a system.
Adobe Acrobat vulnerabilities: Fortinet’s FortiGuard Labs also discovered two memory corruption vulnerabilities in Adobe Reader / Acrobat, which allow a remote attacker to compromise a system through a malicious document. The vulnerabilities are triggered when opening and rendering a PDF document. A remote attacker could craft a malicious document which exploits either one of these vulnerabilities, allowing them to compromise a system.
Ransomware and Scareware still top virus detection: This is no surprise, as Scareware has been consistently prevalent since September 2008. Ransomware, on the other hand, began making headway in 2010 due to incentives from affiliate-backed programs that pay out when victims purchase the fake products.
Cutwail spambot leveraged for money mule recruitment: Fortinet continues to observe the Cutwail spambot, which has been active for years, send various spam campaigns for its customers. The spam sent by Cutwail this month typically included malicious links to eCard binaries or emails with the binaries themselves attached. There were various money mule recruitment themes observed in spam emails this report, showing a growing demand for jobs on the black market.
“Money mules are essentially money laundering vehicles utilized by cyber criminals to handle and transfer illicit funds,” said Derek Manky, project manager, cyber security and threat research, Fortinet. “The mule receives a commission for doing the transfer. These transfers are typically done in batches of $10,000 USD or less. Money mule positions are, more times than not, crafted as legitimate sounding jobs, such as accounts receivable positions. If something seems too good to be true, it generally is.”
Another money mule campaign example can be found here: http://www.fortiguard.com/pics/threatscape1209/image-05b.png
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
9 Traits You Need to Succeed as a Cybersecurity Leader
The Ultimate Guide to the CISSP
The Burnout Breach: How employee burnout is emerging as the next frontier in cybersecurity
Gone Phishing: How to Defend Against Persistent Phishing Attempts Targeting Your Organization
5 Reasons To Move your PKI Deployment to the Cloud