Explore the latest news and trends  

Keep yourself up to date with one of the following options:

  • Explore more news around Spam/Phishing, Malware/Cyber-attacks and Antivirus
  • Receive news and special offers from SPAMfighter directly in your inbox.
  • Get free tips and tricks from our blog and improve your security when surfing the net.
Go

Pushdo Sent Through E-cards Rank First on March Malware Chart

Fortinet, a leading vendor for UTM (unified threat management) solutions, announced the ten most risky threats reported for March 2008.

Threat researchers at Fortinet observed a rise in malware activity spread over four Sundays between February-end and March-end 2008. The malware that topped the threat chart was Pushdo, which sent out animated e-cards socially engineered to lure recipients with the promise to show nude images.

Fortinet's threat report for March said that anyone who opens the e-mail attachment would allow the Pushdo.EV variant to circulate through different IPs in efforts to establish a session of HTTP so that it can install a rootkit. Derek Manky, Security Research Engineer, Fortinet, said that in this way, the Pushdo botnet is made to expand and be more empowered, as reported by SearchSecurity on April 1, 2008.

Besides, Pushdo.EV accounted for a good 13.5% of total malware activity during March 2008. This meant that the Trojan on the whole was responsible for almost 33% of the overall threats observed.

Manky also said that the activities in March 2008 revealed the size and power of the Pushdo botnet, clearly indicating how the mass e-card technique continues to be popular, as reprted by SC MAGAZINE on April 2, 2008.

He further added that consumers need to be told again that genuine e-cards generally not delivered as e-mail attachments but as links pointing to a Website, which hosts the card. Besides, as a thumb rule, users should refrain from opening attachments arriving via unsolicited e-mails.

Fortinet said that interestingly, the botnet would become most functional on Sundays when users stay at home resting from work.

Meanwhile, according to Fortinet, the most active threat in March was the malicious, Virut.A variant, which rose to the fourth position from its 29th spot in the earlier issue of the same report.

At first glance, Virut.A poses to behave like a legitimate component running with names as "logon.exe", "winlogon.exe" and "spoolsv.exe". But, once installed, the malware tries to set contact with a number of C&C servers through ports 1863, 5190, 10324, and 65520.

Two more malware that remained active on the Top Ten list were MyDoom and MyTob.

Related article: Pushdo/Cutwail is Remarkably Elastic and Productive, Reveal Security Researchers

» SPAMfighter News - 08-04-2008

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Exchange Anti Spam Filter
Go back to previous page
Next