November 13, 2009

Malware attacks surge, says Fortinet

Four-fold increase since September

By Anuradha Shukla

---

Fortinet, a network security provider and unified threat management (UTM) solutions specialist has observed the highest level of total malware detected in more than a year.

According to its October 2009 Threatscape report, the level of total malware detected was four times greater than detected in September. Scareware tactics hit an all-time peak last month and the attacks were very severe.

Frequency of these attacks has increased and they are occurring faster and harder than ever. A glance at the top 10 malware list shows that as many as seven malware variants point back to scareware. Researchers also observed recent scareware campaigns in the form of botnets and corrupted advertisements.

Need for more protection increases

Fortinet's October Threatscape report reveals that scareware dominated October in the form of rogue security software, posing as the security suite AntiVirus Pro 2010. The damage is done in many ways.

Unsuspecting users can be encouraged to buy software that can harm their PCs and open them for cyber criminals. This kind of scareware activity has delisted the pesky Virut and Netsky out of the top 10 malware list for the first time in more than a year.

A combination of Trojan downloader Bredolab and scareware downloaders has taken users by surprise. Bredolab reports to its network to get the latest components to download and in October downloaded the AntiVirus Pro 2010 installers. According to the report, Bredolab was also linked up to ZBot keylogger through this download chain.

This nefarious alliance means users have to protect themselves from an information-siphoning Trojan and a scareware product. The researchers detected two main Bredolab variants this month: W32/Bredo.G and W32/Bredolab.X. These were included in fake DHL invoice spam campaigns.

Software downloaders are prime target

Threat statistics and trends for October were compiled by FortiGuard Labs based on data collected from FortiGate network security appliances and intelligence systems in production worldwide.

Scareware has topped the malware chart in October and the researchers say the high threat levels are in part due to the money-making affiliate programmes that promise participants a pay-out on each software download purchased. Tools and kits are readily available to participating affiliates, accelerating the distribution of scareware and other malicious components.

"We're seeing record levels of scareware building off volume from September, and the danger in these threats is only becoming more serious as the methods for delivery evolve and the blending of attacks bring more complexity," said Derek Manky, project manager, cyber security and threat research, Fortinet.

"As we've seen in the consistency of repeated threats, the old schemes are still proving to be good methods. Enterprises and consumers must take equal responsibility in understanding the disguises of these threats and implementing a multi-pronged security solution that addresses the different and changing characteristics of tried and true tactics."

Newsletters

Your daily injection of CW news and expert analysis: we’ll bring the news to you.