Fortinet’s Report Highlights Sasfis Variants, Malicious JavaScript Attacks

Security firm Fortinet recently announced its June 2010 Threat Landscape report, according to which new variants of the Sasfis botnet have entered the Top 10 list.

Sasfis, which was seen giving the Pushdo botnet a tough fight in terms of volume, was found to be very active in June 2010.

According to Derek Manky, project manager, cyber security and threat research, Fortinet, the firm noticed Sasfis loading a spambot component that was mainly used to send out copies of its own binary in an aggressive seeding campaign, reported Market Watch on June 30, 2010.

The socially engineered e-mails of Sasfis had mainly two themes, noted Fortinet. One appeared as a bogus UPS invoice attachment, while the other was disguised as a fees statement. Much like the Bredolab and Pushdo botnets, Sasfis is a downloader, with the spambot being one of the various components it downloads.

According to the reports, in the single month of June 2010, four Excel and Flash vulnerabilities (all of which were discovered and patched during the same period) were recorded, along with a hit-and-run assault targeting the HTML Object Memory Corruption Vulnerability in Internet Explorer (CVE-2010-0249), which first emerged in January 2010 and was employed in the Aurora attacks.

Malicious JavaScript code also appears in the list, and it was the sole detection to rank above these botnet binaries among malware. The code, detected as JS/Redir.BK, showed a surge in activity on June 12th and 13th, during which unwary users were redirected to various legitimate but infected websites. These sites hosted an injected HTML page called z.htm, which was distributed via an HTML attachment in junk e-mails.

Manky warned that JavaScript has certainly become one of the most popular attack languages used by hackers, according to a statement published by ITPRO on July 1, 2010. He further added that it is used in an increasing number of PDF attacks, mainly using the heap-spray method. It also plays a crucial role in launching exploits, and because it can be more complicated than the typical IFrame-based attacks of the past, it is also widely used to redirect the browser to malicious websites.

» SPAMfighter News - 7/12/2010
