‘Do-it-Yourself’ Botnet Kits Gain Momentum

Fortinet released its August 2010 Threat Landscape report showing some interesting changes and shifts from previous months, with an interesting trend in “Do-It-Yourself” Botnet Kits gaining momentum and becoming a serious threat.

A highly detected infection in August came from variants of ZeuS/ZBot, mainly as a result of do-it-yourself ZBot botnet kits that provide malware creators with the tools required to build and administer their own botnet. These botnet kits are by no means new to the market, but have gained serious momentum recently. The botnet kits even include an easy-to-use control panel application to maintain and update the botnet and to retrieve the captured information. A configurable builder tool allows the author to create the executables that will be used to infect victims’ computers.

These ZeuS/ZBot trojans are typically spread via spam and black hat SEO poisoning, appearing to come from legitimate sources and asking recipients to click on a link that installs the malware. The malware then sits silently, waiting for users to enter their credentials for particular sites such as an online banking site. As SecurityWeek noted earlier this month, ZeuS variants had been discovered that target U.S. military personnel.

In addition to the ZeuS/ZBot threat, another notable attack in August was the Windows Help Center vulnerability, which made it to the top position in Fortinet’s Top 10 attack list. The attack (CVE-2010-1885) experienced an exceptionally large spike in activity earlier in August. Exploitation of this vulnerability can be rather potent since it is NOT Web browser-specific.

Additionally, Fortinet research showed ransomware variant TotalSecurity making its biggest comeback since March. Ransomware is malware, usually disguised in fake anti-virus software, that locks out applications and data from a user’s PC and then demands ransom for restored access. TotalSecurity loader (W32/FakeAlert.LU) was the no. 1 malware detected this month by Fortinet’s FortiGuard Labs.

“One indicator we observed this month was that the Ransomware application had gone server-side polymorphic, which means that the loader will connect to a single server and request a single file, but the code changes on an hourly basis in order to avoid detection,” said Derek Manky, project manager, cyber security and threat research, Fortinet. “This is a technique typically seen with botnets, such as Waledac, and has been picked up by the developers of TotalSecurity. This is another example of how relying purely on antivirus is not a silver-bullet approach to protecting systems from infection.”
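As an added defender-side illustration (not part of the SecurityWeek article or Fortinet’s report), the following Python script flags the delivery pattern Manky describes: one URL, fetched repeatedly, whose response body hash keeps changing, which is exactly what a hash-only antivirus signature cannot keep up with. The proxy log format, hostnames, IPs and hashes are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime

# Constructed proxy log: timestamp, client IP, requested URL, hash of the
# response body. Hostnames, IPs and hashes are made up for illustration.
SAMPLE_LOG = """\
2010-08-10T09:02:11 10.0.0.5 http://dl.fake-updates.test/loader.exe 4f1a9c02
2010-08-10T10:07:43 10.0.0.5 http://dl.fake-updates.test/loader.exe 91be77d0
2010-08-10T11:11:05 10.0.0.7 http://dl.fake-updates.test/loader.exe c03d5e18
2010-08-10T12:15:30 10.0.0.5 http://dl.fake-updates.test/loader.exe 7a28f6bb
2010-08-10T09:05:00 10.0.0.9 http://cdn.vendor.test/patch-2.1.msi 1122aabb
2010-08-10T13:05:00 10.0.0.9 http://cdn.vendor.test/patch-2.1.msi 1122aabb
2010-08-10T14:00:00 10.0.0.9 http://cdn.vendor.test/patch-2.2.msi 33ccddee
"""

def parse_log(text):
    """Parse each non-empty line into (timestamp, client, url, body_hash)."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, client, url, body_hash = line.split()
            events.append((datetime.fromisoformat(ts), client, url, body_hash))
    return events

def find_polymorphic_urls(events, min_variants=3, window_hours=24):
    """Return {url: sorted distinct hashes} for every URL that served at least
    min_variants different response bodies inside a window_hours span.
    Static content, or a single legitimate update, is never reported."""
    by_url = defaultdict(list)
    for ts, _client, url, body_hash in events:
        by_url[url].append((ts, body_hash))
    flagged = {}
    for url, hits in by_url.items():
        hits.sort()  # sliding window needs chronological order
        for i, (start, _) in enumerate(hits):
            seen = set()
            for ts, body_hash in hits[i:]:
                if (ts - start).total_seconds() > window_hours * 3600:
                    break
                seen.add(body_hash)
            if len(seen) >= min_variants:
                flagged[url] = sorted(seen)
                break
    return flagged

if __name__ == "__main__":
    for url, hashes in find_polymorphic_urls(parse_log(SAMPLE_LOG)).items():
        print(f"{url}: {len(hashes)} distinct bodies within 24h -> {hashes}")
```

The vendor CDN entries show why the threshold matters: unchanged content and a one-off version bump stay quiet, while the loader URL that rotates its body every hour is reported.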

FortiGuard Labs compiled threat statistics and trends for August based on data collected from FortiGate network security appliances and intelligence systems in production worldwide.
