Fortinet Report Shows Return of Ransomware and Rise of 'Do-it-Yourself' Botnets

Fortinet announced its August 2010 Threat Landscape report, which showed ransomware variant TotalSecurity with its biggest comeback since March. Ransomware is malware that locks out applications and data from a user’s PC and then demands ransom for restored access, and TotalSecurity loader (W32/FakeAlert.LU) was the no. 1 malware detected this month by Fortinet’s FortiGuard Labs.

“Do-It-Yourself” Botnet Kits
In addition to ransomware, another highly detected infection this month is Zeus/ZBot, a do-it-yourself botnet kit that provides a malware creator all of the tools required to build and administer a botnet. The Zeus tools are primarily designed for stealing banking information, but they can easily be used for other types of data or identity theft. This month, ZBot variants were noted to target U.S. military personnel. A control panelapplication is used to maintain/update the botnet, and to retrieve/organize recovered information. A configurable builder tool allows the author to create the executables that will be used to infect victim's computers.

One other notable attack this month is the recent Windows Help Center vulnerability, which was propelled to the front position in our top 10 attack list. The attack (CVE-2010-1885) experienced an exceptionally large spike in activity earlier in the month. Exploitation of this attack can be rather potent since the vulnerability is not Web browser-specific.

Published Date: Sep 02, 2010 12:08 pm | Updated Date: Sep 02, 2010 12:08 pm