Explore the latest news and trends  

Keep yourself up to date with one of the following options:

  • Explore more news around Spam/Phishing, Malware/Cyber-attacks and Antivirus
  • Receive news and special offers from SPAMfighter directly in your inbox.
  • Get free tips and tricks from our blog and improve your security when surfing the net.
Go

Fortinet Witnessed Emergence of Asprox Spambot

The malware episode is still dominated by botnets according to the September 2010 Threat Landscape report of the security firm, Fortinet. The firm detected that Sasfis activity soared which was associated with the Asprox spambot that remained silent for more than a year.

The spambot was intended to be used for an email sending campaign. Zipped executable attachments were found in the emails which appeared as fax copies. The attachment turned out to be the Sasfis's copy that downloaded Asprox in order to transfer more spam emails from the users' infected system.

In addition to an increase in Sasfis activity, FortiGuard Labs highlights one variant namely, W32/Katusha.MK!tr. It was analyzed (in September 2010) that this variant downloaded a sniffer module which scans traffic on TCP ports 21, 25 and 110 (FTP, SMTP and POP3). Before sending the traffic present on these ports to a control server in Europe vai HTTP POST, it was processed into encrypted data sets.

According to infosecurity.com on October 1, 2010, the project manager of Cyber Security and Threat Research at Fortinet, Derek Manky commented that FTP credentials which were stolen are often used to hijack web servers and can prove to be quite valuable. It was also observed that the variant downloaded the TotalSecurity ransomware suite which has been high on their malware radar for several weeks.

Besides these observations, the top ten malware variants are enlisted by the new monthly report for September 2010. It includes: HTML/Iframe_CID!exploit (1.5%), W32/Krypt.B!tr.dldr (22.02%), W32/Sasfis.FVF!tr (4.2%), W32/Krypt.D!tr.dldr (17.2%), W32/Katusha.MK!tr (9.0%), W32/Agent.YB!tr (1.2%), HTML/Iframe.DN!tr.dldr (5.6%), W32/Agent.29C7!tr.dldr (3.6%), JS/Redirector.NAU!tr (1.7%), and W32/Sasfis.MA!tr (1.0%).

Fortinet has also revealed the top five malware regions in its monthly report. USA leads with 46.6% of malware variants in September 2010. It is followed by Japan (37.7%), France (28.7%), Taiwan (16.6%) and China (15%) respectively.

Apart from this, the report even unveiled the top spamming countries of the world during September 2010. These include: USA (13.21%), Japan (7.51%), France (5.78%), Taiwan (4.80%) and Italy (2.62%).

Related article: Fortinet Pinpoints Ten Biggest Threats

» SPAMfighter News - 07-10-2010

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Exchange Anti Spam Filter
Go back to previous page
Next