
Gumblar Botnet Tops in Fortinet’s April 2010 Threatscape Report

The security firm Fortinet released its Threatscape report for April 2010 on May 3, 2010. The report highlighted high-profile activity by multiple botnets, including Sasfis and Gumblar. Gumblar took the top rank in Fortinet's list of Top 10 Network Attacks. Meanwhile, two Sasfis executables that were prevalent in the firm's top 10 listings bolstered that botnet's position in fourth place for detected malicious network activity.

Sasfis, like Bredolab, is a botnet loader: on check-in it reports statistics and retrieves or executes files. The difference is that Sasfis is newer and does not use encryption; all of its messages and communications are sent over unencrypted HTTP. Even so, the botnet continues to propagate aggressively, loading banking trojans into other malicious files.

Fortinet also observed the Cutwail spambot, which has been active for years, distributing virus spam campaigns to its customers. In April, the spam distributed by Cutwail included hazardous links to eCard zip binaries, or binaries attached to the e-mails. During this period, Fortinet researchers observed three spam campaigns that shared a common motive, were promoted under the names of two firms, "web-projects-us.com" and "us-consalt.com", and employed similar templates and techniques.

Underneath, these are actually money mule recruitment operations. Money mules are the money-laundering machinery that cyber crooks employ to control and transfer unlawful funds. The criminals pay the mules a commission for conducting the transfers. The transfers are made in batches, usually <= US$10,000. As cyber crooks widen their horizons and make more money, demand for money mules has increased directly.

Fortinet also disclosed that Ransomware and Scareware were mainly behind the virus activity observed in April 2010. Unsurprisingly, Scareware has been consistently rampant since 2008, and Ransomware is advancing this year, all because of incentives from affiliate-backed programs, which pay out when victims buy bogus products.

Fortinet also said that the rise of Ransomware, which was at the top of its predictions for 2010, has already become reality. With the emergence of such campaigns, researchers are also clearly seeing more movement in the positions available for money mules.

Related article: Gumblar Attack Diverting Online Users from Google Results to Malicious Pages

» SPAMfighter News - 5/13/2010
