Increasing Sasfis Botnet Variants continue Delivering Spam - Fortinet

On 2nd August, 2010, Security firm Fortinet released its Threat Landscape report for July, 2010, which shows that eight variants of Sasfis Botnet are there on the firm's top ten list of malware, during this period. This is a growing phenomenon, as developers keeps on rolling out the upgraded copies of their malware.

In the beginning of year 2010, the Safis botnet was found to installing and implementing fake antivirus software on infected computers. This time it was found installing upgraded spamming schedules. Unique Sasfis spams include false UPS invoices and Facebook photo links.

Derek Manky (project manager, cyber security and threat expert), Fortinet, revealed that Spam bots are changing continuously, delivering different variants of spam themes regularly, as reported by Newswire on 2nd August, 2010.

He added that, on July, they detected many socially devised emails, which came along HTML attachments. Such attachments included complicated Javascript which further directs the recipient to malicious websites. The varients of these spam attacks and their victims reveal how botnets are continuously evolving to fulfill the requirements of their hidden customers.

Beside Sasfis, Spam botnets like Cutwail is also diversifying, distributing many varieties of spam themes regularly. Further, the security firm found that one particular spam email is from Pushdo was an Amazon.com phish. It is a typical phish, easily found floating over the link and seeing where the user is actually going.

Common spam campaigns this report differed from phishes, to enclosed HTMLs which redirects the users to malicious websites, to emails containing malicious attachments. The variety of such spam attacks, and their victims reveal how botnets are continuously evolving to fulfill the requirements of their hidden customers.

The report presented two particular emails, which used money transfer as social networking. HTML files were enclosed in both the cases, which had malicious, complicated javascript. When opened, recipients would be directed to malicious websites.

In the meantime, the report again reveals that more than 30% of the recently secured vulnerabilities are still being exploited, a continuous movement observed more than a year. During this period, 91 new vulnerabilities were added, revealing that the hackers are continuously exploiting a huge number of common security lapses.

Related article: Increasing Security Breaches in Canada Causing Loss of $637,000 a year

» SPAMfighter News - 8/11/2010