Internet Industry Association

Big Jump in Mass-mailers During February, Fortinet 3 March 2005

During February 2005 (from 1st - 24th) Fortinet detected over 1000 malicious codes (including variants). Of these some 40% were Trojans and backdoors, 10% mass mailer worms, 20% net worms (worms which propagate through the network without resorting to mass mailing, but rather to exploits, shares, instant messengers...), 10% simple droppers and 20% were grayware (the majority being adware).

Guillaume Lovet, EMEA AV team leader, Fortinet, says, "The malware activity we saw during February represents a slight decrease in the percentage of Trojans from last month (51% vs 40%). However, we have noticed an increase in the percentage of mass mailing worms, (5% vs 10%). This could be explained by the recent resurgence of MyDoom, with the variant MyDoom.BB, followed by several minor variants, as well as the recent appearance of Sober.K, with its relatively new, but far-reaching social engineering strategy."

Three significant threats discovered this month were:
1. W32/Bropia: entered the scene in early February. This worm can be considered particularly innovative, since it propagates via MSN Instant Messenger: it retrieves the infected user's contact list and tries to send itself to all the contacts. Guillaume Lovet says, "The technique deployed by this worm represents a major breakthrough in terms of social engineering methods: Users are very likely to trust their IM contacts and to open the files they'd send."
2. MyDoom.BB: similar to previous variants of this worm, but it went one interesting step further for a mass-mailing worm. Whilst such worms normally harvest the email addresses they send themselves to from the infected computer, MyDoom.BB attempts to enlist the help of four Internet search engines to harvest more email addresses for its mass-mailing routine. The four sites involved have since put blocking measures in place, however, to limit the use of their services for such purposes. The use of this technique might very well have been inspired by the Perl worm Santy, which appeared in late December: that one targeted web servers by exploiting a flaw in a widespread PHP script, and once a server had been infected, the worm would search for new targets by querying a leading search engine.
3. Sober.K: this latest variant of the Sober worm uses social engineering to entice users into opening the attachment. Victims receive an email which claims to be from the FBI. The email informs them that their Internet surfing habits have been monitored and that they have been logged visiting illegal web sites. It explains that they are required to fill in the attached questionnaire; the attachment contains the virus. The email opens with the following: 'Dear Sir/Madam, we have logged your IP-address on more than 40 illegal Websites.' etc.
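A mail-gateway heuristic for the Sober.K lure described above, as an added example that is not Fortinet's or the IIA's code: it parses a raw message with Python's standard `email` module and scores it on the three traits the lure combines (an FBI claim in the sender or subject, the "logged your IP-address / illegal websites / questionnaire" wording, and an attachment). The sample messages, the `example.invalid` addresses and the scoring threshold are constructed assumptions.

```python
from email import message_from_string

# Phrases characteristic of the lure: an email claiming to come from the FBI,
# saying the recipient's IP address was logged on illegal websites and asking
# them to open an attached "questionnaire".
LURE_PHRASES = ("logged your ip-address", "illegal websites", "questionnaire")

def _text_body(msg):
    """Concatenate the text/plain parts that are not attachments."""
    parts = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain" and not part.get_filename():
            parts.append(part.get_payload(decode=True).decode("utf-8", "replace"))
    return "\n".join(parts)

def lure_score(raw):
    """Score a raw RFC 822 message; higher means closer to the Sober.K lure."""
    msg = message_from_string(raw)
    score = 0
    headers = ((msg.get("From") or "") + " " + (msg.get("Subject") or "")).lower()
    if "fbi" in headers:
        score += 2  # impersonated authority in the sender or subject line
    score += sum(1 for phrase in LURE_PHRASES if phrase in _text_body(msg).lower())
    if any(part.get_filename() for part in msg.walk()):
        score += 2  # the "questionnaire" attachment is what carries the worm
    return score

def is_suspected_lure(raw, threshold=4):
    """The threshold is an assumed tuning value, not a published rule."""
    return lure_score(raw) >= threshold

# Constructed sample messages, not real captures; the MIME boundary is arbitrary.
LURE_SAMPLE = """From: FBI <office@example.invalid>
Subject: Your IP address was logged
Content-Type: multipart/mixed; boundary="sep"

--sep
Content-Type: text/plain

Dear Sir/Madam, we have logged your IP-address on more than 40 illegal Websites.
Please fill in the attached questionnaire.
--sep
Content-Type: application/octet-stream; name="question.zip"
Content-Disposition: attachment; filename="question.zip"

UEsDBA==
--sep--
"""
BENIGN_SAMPLE = "From: Alice <alice@example.invalid>\nSubject: Lunch\n\nFree on Thursday?\n"
```

Each trait on its own is weak (plenty of legitimate mail carries attachments), which is why the score combines them before a message is flagged.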

As computer users become more security conscious, malware writers are having to deploy ever more far-reaching social engineering techniques to ensure the spread of their malicious code.

The advice remains the same: DO NOT click on attachments unless you are sure they originate from a trusted source. The advent of the Bropia worm also illustrates that additional care must be taken when using Instant Messaging. Always make sure the message is coming from the person who claims to have sent it - and finally make sure you are running up-to-date virus protection on your IT systems.
