Fortinet Unveils Fast Spreading TDSS Family of Rootkits
In the latest release of its Threat Landscape report, Fortinet, a leading network security provider, disclosed details of two notable detections belonging to the TDSS family of rootkits, which are capable of compromising 64-bit Windows operating systems.
TDSS rootkits are difficult to detect and remove. Once installed, they gain complete access to the infected system while hiding their activity from administrators and end users.
According to Derek Manky, Senior Security Strategist at Fortinet, in mid-April 2011 Microsoft issued a security advisory addressing the driver signing enforcement vulnerabilities that were exploited by the TDSS family of rootkits, Marketwire reported on June 9, 2011.
This critical update is highly recommended for anyone running an affected x64 edition of Microsoft Windows, as TDSS still appears to be active and potent. These rootkits spread through ordinary infection vectors, such as malicious websites that host exploit kits. Recently, a new 64-bit rootkit was observed using a completely different method for subverting x64-based systems.
Apart from the rootkits, the latest report also sheds light on fake antivirus software. As the report notes, fake antivirus is a well-established business model for cybercriminals, who operate on a pay-per-purchase basis: affiliates (the distributors who infect systems with the bogus software) earn a commission only if the victim is tricked into buying a full version of the fake product. Recently, software of this kind has reached the Mac OS X platform in the form of MacDefender and MacGuard.
Interestingly, the report also lists the top malware families detected by Fortinet in May 2011. The fake antivirus loader Fraudload.OR (6.97%) was the most prevalent malware family in May 2011, followed by W32/Injector.fam!tr (5.04%) and W32/BanLoader.TAL!tr (4.44%) in second and third place respectively.
Finally, the report also covers the spam volumes recorded by the firm in May 2011. It describes the Rustock takedown as a technical knockout for spam, since spam rates remained 15% lower even months after Rustock's fall. This is a notable victory in the fight against cybercrime.
» SPAMfighter News - 20-06-2011