Pushdo Sent Through E-cards Rank First on March Malware Chart

Fortinet, a leading vendor for UTM (unified threat management) solutions, announced the ten most risky threats reported for March 2008.

Threat researchers at Fortinet observed a rise in malware activity spread over four Sundays between February-end and March-end 2008. The malware that topped the threat chart was Pushdo, which sent out animated e-cards socially engineered to lure recipients with the promise to show nude images.

Fortinet's threat report for March said that once a recipient opens the e-mail attachment, the Pushdo.EV variant cycles through different IP addresses in an effort to establish an HTTP session so that it can install a rootkit. Derek Manky, Security Research Engineer, Fortinet, said that in this way the Pushdo botnet expands and becomes more powerful, as reported by SearchSecurity on April 1, 2008.

In addition, Pushdo.EV accounted for 13.5% of total malware activity during March 2008. This meant that the Trojan on the whole was responsible for almost 33% of the overall threats observed.

Manky also said that the activities in March 2008 revealed the size and power of the Pushdo botnet, clearly indicating how the mass e-card technique continues to be popular, as reported by SC Magazine on April 2, 2008.

He further added that consumers need to be told again that genuine e-cards are generally not delivered as e-mail attachments but as links pointing to a website that hosts the card. Besides, as a rule of thumb, users should refrain from opening attachments arriving via unsolicited e-mails.

Fortinet said that, interestingly, the botnet would become most functional on Sundays, when users stay at home resting from work.

Meanwhile, according to Fortinet, the most active threat in March was the malicious Virut.A variant, which rose to the fourth position from its 29th spot in the earlier issue of the same report.

At first glance, Virut.A appears to be a legitimate component, running under names such as "logon.exe", "winlogon.exe" and "spoolsv.exe". Once installed, however, the malware tries to contact a number of C&C servers through ports 1863, 5190, 10324, and 65520.

Two more malware families that remained active on the Top Ten list were MyDoom and MyTob.

Related article: Pushdo/Cutwail is Remarkably Elastic and Productive, Reveal Security Researchers

» SPAMfighter News - 4/8/2008
