Pushdo Sent Through E-cards Rank First on March Malware Chart
Fortinet, a leading vendor for UTM (unified threat management) solutions, announced the ten most risky threats reported for March 2008.
Threat researchers at Fortinet observed a rise in malware activity spread over four Sundays between the end of February and the end of March 2008. The malware that topped the threat chart was Pushdo, which sent out animated e-cards socially engineered to lure recipients with the promise of nude images.
Fortinet's threat report for March said that anyone who opens the e-mail attachment allows the Pushdo.EV variant to cycle through different IP addresses in an attempt to establish an HTTP session, through which it then installs a rootkit. Derek Manky, Security Research Engineer at Fortinet, said that this is how the Pushdo botnet is expanded and strengthened, as reported by SearchSecurity on April 1, 2008.
Pushdo.EV alone accounted for 13.5% of total malware activity during March 2008, and the Trojan family as a whole was responsible for almost 33% of the overall threats observed.
Manky also said that the activity in March 2008 revealed the size and power of the Pushdo botnet, and clearly showed that the mass e-card technique remains popular, as reported by SC Magazine on April 2, 2008.
He added that consumers need to be reminded that genuine e-cards are generally not delivered as e-mail attachments but as links pointing to a website that hosts the card. As a rule of thumb, users should refrain from opening attachments that arrive in unsolicited e-mails.
Fortinet noted that, interestingly, the botnet was most active on Sundays, when users are at home rather than at work.
Meanwhile, according to Fortinet, the most active threat in March was the malicious Virut.A variant, which rose to fourth position from its 29th spot in the previous issue of the same report.
At first glance, Virut.A masquerades as a legitimate component, running under names such as "logon.exe", "winlogon.exe" and "spoolsv.exe". Once installed, however, the malware attempts to contact a number of C&C servers through ports 1863, 5190, 10324 and 65520.
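The two Virut.A traits the report describes, a system-process name used from the wrong location and outbound connections to a fixed set of C&C ports, are both things an endpoint log can surface. The script below is an added example, not code from the article or from Fortinet: it parses a hypothetical endpoint-telemetry format (one outbound connection per line, constructed here) and flags records that match either trait. Ports 1863 and 5190 are also the standard ports of MSN Messenger and AIM/ICQ, so a port hit on its own is rated low severity; the combination with a misplaced process image is what is rated high.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import Optional

# Ports the report says Virut.A uses to reach its C&C servers.
C2_PORTS = {1863, 5190, 10324, 65520}
# Process names the report says Virut.A hides behind.
MASQUERADED_NAMES = {"logon.exe", "winlogon.exe", "spoolsv.exe"}
# Where the genuine winlogon.exe / spoolsv.exe live (assumption: default C:\Windows).
TRUSTED_DIRS = {r"c:\windows\system32"}

# Hypothetical telemetry format: "<ts> pid=<n> image=<path> dst=<ip>:<port> proto=<p>".
LINE_RE = re.compile(
    r"^(?P<ts>\S+) pid=(?P<pid>\d+) image=(?P<image>.+?) "
    r"dst=(?P<ip>[\d.]+):(?P<port>\d+) proto=(?P<proto>\w+)$"
)

# Constructed sample log (documentation IP ranges, made-up pids and paths).
SAMPLE_LOG = r"""
2008-03-30T09:00:01 pid=412 image=C:\Windows\System32\winlogon.exe dst=10.0.0.2:445 proto=tcp
2008-03-30T09:01:15 pid=2208 image=C:\Users\bob\AppData\Local\Temp\winlogon.exe dst=203.0.113.7:65520 proto=tcp
2008-03-30T09:02:40 pid=2208 image=C:\Users\bob\AppData\Local\Temp\winlogon.exe dst=198.51.100.9:10324 proto=tcp
2008-03-30T09:03:05 pid=1337 image=C:\Program Files\MSN Messenger\msnmsgr.exe dst=198.51.100.20:1863 proto=tcp
2008-03-30T09:04:00 pid=980 image=C:\Windows\System32\spoolsv.exe dst=10.0.0.50:9100 proto=tcp
this line is garbage and must be skipped
"""


@dataclass(frozen=True)
class Finding:
    ts: str
    pid: int
    image: str
    dst: str
    reasons: tuple
    severity: str


def parse_line(line: str) -> Optional[dict]:
    """Return the fields of one telemetry line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["pid"] = int(rec["pid"])
    rec["port"] = int(rec["port"])
    return rec


def classify(rec: dict) -> Optional[Finding]:
    """Apply both Virut.A heuristics to one parsed record."""
    reasons = []
    name = ntpath.basename(rec["image"]).lower()
    folder = ntpath.dirname(rec["image"]).lower()
    masquerade = name in MASQUERADED_NAMES and folder not in TRUSTED_DIRS
    if masquerade:
        reasons.append(f"system-process name {name} running outside System32")
    if rec["port"] in C2_PORTS:
        reasons.append(f"outbound connection to Virut.A C&C port {rec['port']}")
    if not reasons:
        return None
    # A C&C port alone overlaps with legitimate IM traffic, so only the
    # misplaced image (with or without the port hit) is rated high.
    severity = "high" if masquerade else "low"
    return Finding(rec["ts"], rec["pid"], rec["image"],
                   f"{rec['ip']}:{rec['port']}", tuple(reasons), severity)


def analyze(log_text: str) -> list:
    """Run the heuristics over a whole log; unparseable lines are skipped."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            continue
        finding = classify(rec)
        if finding is not None:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f.severity}] {f.ts} pid={f.pid} {f.image} -> {f.dst}")
        for r in f.reasons:
            print(f"    - {r}")
```

On the sample, the two connections from the Temp-folder `winlogon.exe` come out high, the MSN Messenger connection on 1863 comes out low, and the genuine System32 processes and the garbage line produce nothing. Tuning the `TRUSTED_DIRS` set to the actual `%SystemRoot%` of the monitored hosts is the one change needed before using the path check on real telemetry.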
Two other malware families that remained on the Top Ten list were MyDoom and MyTob.
» SPAMfighter News - 08-04-2008