
More adware and mass mailer domination for November.

Fortinet : 04 December, 2007  (Technical Article)
Fortinet's November threat report reveals an increase in the amount of adware and that the pace of mass mailers has significantly increased in anticipation of the holiday season.
Fortinet has announced the top 10 most reported high-risk threats for November 2007. The report, compiled from all FortiGate multi-threat security systems in production worldwide, is a service of Fortinet's FortiGuard Global Security Research Team.

November 2007's top 10 threats, as determined by the degree of prevalence, are:

1. W32/Netsky!similar 10.87%
2. HTML/Iframe_CID!exploit 8.21%
3. HTML/Clicker.AC!tr 6.60%
4. W32/ANI07.A!exploit 5.14%
5. W32/Stration.JQ@mm 3.11%
6. W32/MyTob.CJ@mm 2.42%
7. W32/Bagle.DY@mm 2.25%
8. W32/Grew.A!worm 2.09%
9. Adware/Tcent 1.86%
10. Adware/Bdsearch 1.71%

The beginning of the holiday season led to the arrival of two new adware programs, TCent and Bdsearch, which reached the top ten for the first time this month. Meanwhile, Clicker.AC, which carries code to bypass browser pop-up blocking, claimed a solid third place.

Mass mailers dominated the top ten in November, remaining a strong threat. Netsky!similar represents the highest volume detected this month, with 10.87 percent of the overall reported activity, whereas mass mailer MyTob.CJ, which first reached the top ten in October, and Bagle.DY maintained their level of activity and reached the sixth and seventh positions respectively.

Stration.JQ, absent from the monthly top ten since June, was back in force as November came to a close, jumping into fifth place from last month's 57th position.

For this holiday season, Fortinet security researchers not only reported a general increase in malicious online advertising - with the emergence of new adware such as TCent and Bdsearch - but also an increase in the sophistication of Internet threats in general. Clicker.AC, for instance, has code that is specifically designed to bypass browsers' pop-up blocking technology, which is supposed to block pop-up advertisements. Users who have pop-up blocking enabled should be suspicious if their browsers still display pop-ups. Clicker.AC's "anti-anti-popup" technology is a good example of how pop-up generators and pop-up blockers are engaged in an arms race, much like spam filters and spam generators.
Such malware can, however, be stopped by advanced antivirus solutions, such as the features found in Fortinet's UTM appliances, which will detect and block Clicker.AC before it attempts to circumvent the computer's pop-up blocking features.

Another example of the increasing sophistication of malware is Stration.JQ, which relies on an advanced social engineering strategy based on dual attachments. While the email received by end users aims at misleading them by providing instructions for personal account access, the innovation lies in the attachments: an "authorisation module", which is in fact Stration.JQ, coupled with a PDF attachment containing financial information such as an invoice, a fee analysis, etc. The content of the email and PDF are both intended to stir the user's curiosity and make the request sound legitimate, therefore tremendously increasing the click-through rate of the mass mailer. Unfortunately, any user opening the "authorisation module" will turn her/his computer into a bot.

"Hacking legitimate site content to host malicious code has become very common. This month, many trusted Internet sites were unwittingly 'hosting' flash advertisements injected with encrypted redirects, forcing users to visit other sites once the ad was displayed. More determined efforts to conceal malware using trusted sources are likely to be made as we enter into the busy holiday season of December," said Derek Manky, security research engineer at Fortinet. "Examples of adware such as Clicker.AC illustrate the trend in what is becoming the blend between malware and grayware and further emphasises the need for threat awareness, not only from the end user's perspective, but also for corporations and their affiliates."