“We observed Sasfis loading a spambot component, which was heavily used to send out binary copies of itself in an aggressive seeding campaign,” said Derek Manky, project manager, cyber security and threat research, Fortinet. “The Sasfis socially-engineered emails typically had two themes; one looked like a fake UPS Invoice attachment, and the other was disguised as a fees statement. Much like the Pushdo and Bredolab botnets, Sasfis is a loader the spambot agent is just one of multiple components downloaded.”
IE Vulnerabilities Come Out of Retirement
This month, FortiGuard Labs saw a hit-and-run attack for the Internet Explorer HTML Object Memory Corruption Vulnerability (known as CVE-2010-0249 within Microsoft and MS.IE.Event.Invalid.Pointer.Memory.Corruption within Fortinet). This attack first surfaced in January 2010 and used in the infamous Aurora attacks to plant spy trojans within targeted, major corporations. The attack has since subsided, last appearing in FortiGuard’s top 10 in February’s Threat Landscape report.
Additional threat activities for the month of June:
200 Vulnerabilities: FortiGuard Labs covered more than 200 new vulnerabilities this period, nearly double from last report. This suggests that an increase in software vulnerabilities continue to be disclosed, ultimately available to hackers for malicious use.
Flash and Excel Vulnerabilities: FortiGuard Labs discovered four Flash and Excel vulnerabilities, which were disclosed and patched this period. For more information see FortiGuard's Adobe and Microsoft advisories.
FortiGuard Labs compiled threat statistics and trends for June based on data collected from FortiGate' network security appliances and intelligence systems in production worldwide. Customers who use Fortinet’s FortiGuard Subscription Services should already be protected against the threats outlined in this report.
To read the full June Threat Landscape report which includes the top threat rankings in each category, please visit: http://www.fortiguard.com/report/roundup_june_2010.html. For ongoing threat research, bookmark the FortiGuard Center or add it to your RSS feed. Additional discussion on security technologies and threat analysis can be found at the Fortinet Security Blog at http://blog.fortinet.com. To learn more about FortiGuard Subscription Services, visit http://www.fortinet.com/products/fortiguard.html.
FortiGuard Subscription Services offer broad security solutions including antivirus, intrusion prevention, Web content filtering and anti-spam capabilities. These services help protect against threats on both application and network layers. FortiGuard Services are updated by FortiGuard Labs, which enables Fortinet to deliver a combination of multi-layered security intelligence and zero-day protection from new and emerging threats. For customers with a subscription to FortiGuard, these updates are delivered to all FortiGate, FortiMail™ and FortiClient™ products.