Two Fresh Malware Samples Attack Facebook Users, Reports Fortinet
Fortinet, a major network security supplier and global leader in unified threat management solutions, has published its April 2011 Threat Landscape Report, which details two fresh malware samples targeting Facebook users.
Appearing to come from Facebook, the malware notifies Facebook members that their passwords have been reset and that the new password can be obtained from an attached file, which is malicious. If the attachment is opened, however, it instantly infects the user's PC.
Derek Manky, Senior Security Strategist at Fortinet, stated that when the company examined the malware programs, it identified them as botnet loaders that, on running, connected to a C&C server to download and display a file showing a fake password, in an attempt to appear genuine. Sys-con.com published this on May 11, 2011.
Manky added that the botnet later kept carrying out its malicious task while issuing commands to files.
Notably, the five most prevalent malware groups Fortinet detected during April 2011 were W32/Deliv.AJ!tr (17.22%), W32/Katusha.5456!tr (11.49%), W32/Menti.2B76!tr (11.27%), W32/Injector.fam!tr (6.79%) and W32/Sasfis.9848!tr (5.78%).
The security company's latest report also gives an insight into botnets. On April 16, 2011, the FBI took down the huge Coreflood botnet operation (circa 2002). This botnet had infected 2.3m systems and stolen a huge sum of dollars from unwitting PC operators.
The report also notes that while spam mails keep circulating, volumes remain approximately 15% below the mean levels seen before the shutdown of the Rustock botnet in March 2011.
Though this is welcome, it is likely to be very short-lived, as a fresh spam-distributing botnet will take over. Nonetheless, online crooks may this time think again about their next course of action, given that many botnets have been dismantled recently, followed by prosecutions of their operators. Furthermore, according to the report, the widely known spam links detected all led to the most frequently visited ".ru" domain in Russia. Modern botnet operations were commonly found in Japan. Also, a highly active botnet is Torpig, with the majority of its detections located in newer origins like the Middle East, Sweden and Norway, the report outlines.
» SPAMfighter News - 11-05-2011