
Mass mailers dominate top ten malicious code for December

Fortinet : 07 January, 2008  (Technical Article)
Fortinet's December threat report showed many of the common threats, with three new mass mailers entering the top ten.
Fortinet has announced the top 10 most reported high-risk threats for December 2007. The report is compiled by Fortinet's FortiGuard Global Security Research Team using intelligence gathered from FortiGate multi-threat security systems in production worldwide.

December 2007's top 10 threats, ranked by degree of prevalence (percentage of overall reported activity), are:

Rank  Threat                    Share of reported activity
1     W32/Netsky!similar        11.05%
2     HTML/Iframe_CID!exploit    8.47%
3     W32/MyTob.FR@mm            3.40%
4     W32/Lovgate.X2@mm          2.90%
5     W32/ANI07.A!exploit        2.82%
6     W32/Bagle.DY@mm            2.57%
7     W32/Zafi.D@mm              2.20%
8     W32/Istbar.PK!tr.dldr      1.93%
9     Adware/Bdsearch            1.83%
10    Adware/Tcent               1.80%

Mass mailers accounted for many of the top ten threats in December, especially through the holiday season. The Netsky!similar threat accounted for the highest volume of activity detected this month, with 11.05 percent of the overall reported activity, while three mass mailers - MyTob.FR, Lovgate.X2, and Zafi.D - entered the top ten list.

TCent and Bdsearch adware, which also appeared in last month's report, maintained their positions in the top ten list. Meanwhile, the ANI07.A exploit remained very active, claiming a strong position in the top ten for the ninth consecutive month.

The Istbar.PK trojan, which installs a search toolbar in the user's Web browser and can download various adware and trojans, reached the eighth position on the top ten list, up from the twenty-fifth position last month.

Fortinet security researchers reported at the end of December a "Merry Christmas" spam that was created by the Storm social engineering group and sent out just before Christmas with the intent to leverage the high volume of online activity. The spam contained links to a Website, which enticed users to follow another link that ultimately led to the Storm infection. Since then, a new wave of Storm spam that capitalises on New Year's celebrations has been monitored, using links that point to a server-side polymorphic Storm executable.

In a more general analysis of the year, Fortinet security researchers reported that malicious Webpages were a major vector of infection in 2007, presumably because this malware technique does not require any user interaction and can consequently be more effective than traditional infection vectors such as email.

There are three main ways to drive traffic to malicious Web servers: via 'mass-compromising', which is usually achieved by hacking a Web-hosting company's server; via search engine results poisoning, which is done by SEO malware sites that seed Web search results by interlinking a large number of keyword-filled pages; or via a combination of both.

With infection rates as high as twelve percent, as indicated by statistics from live MPack servers during one of the major mass-injection attacks this year, malicious Webpages are more effective than infected emails, which currently have a click-through rate of around one in several tens of thousands. This relatively high Web infection rate, combined with the fact that Web traffic is scanned to a lesser extent than email traffic, continues to make malicious Webpages a major threat for 2008.

"It has become more and more difficult to distinguish malicious Webpages from clean ones," said Guillaume Lovet, threat research team manager at Fortinet. "In order to help avoid infection, we advise users to ensure their browsers are perfectly up-to-date prior to surfing the Web, carefully activate JavaScript on a per-site basis, and when possible, use operating systems and Web browsers that are less likely to be targeted, such as Linux and Opera."
