With the month not quite complete, Fortinet, in an effort to get the results out before the distractions of a holiday weekend in the U.S., today revealed its Threat Landscape report for June 2010.
The month of June showed new variations of the Sasfis botnet entering the Top 10 malware list along with the re-emergence of older threats. Sasfis, which has been competing with the Pushdo botnet in terms of sheer volume, was very active this month.
“We observed Sasfis loading a spambot component, which was heavily used to send out binary copies of itself in an aggressive seeding campaign,” said Derek Manky, project manager, cyber security and threat research, Fortinet. “The Sasfis socially-engineered emails typically had two themes; one looked like a fake UPS Invoice attachment, and the other was disguised as a fees statement. Much like the Pushdo and Bredolab botnets, Sasfis is a loader - the spambot agent is just one of multiple components downloaded.”
In June, Fortinet discovered the re-emergence of a hit-and-run attack with an Internet Explorer HTML Object Memory Corruption Vulnerability (known as CVE-2010-0249 at Microsoft and MS.IE.Event.Invalid.Pointer.Memory.Corruption at Fortinet). This attack first surfaced in January 2010 and was used in the infamous Aurora attacks to plant spy trojans within targeted, major corporations. The attack has since subsided, last appearing in FortiGuard’s top 10 in February’s Threat Landscape report.
Additional threat activities for the month of June include:
• 200 New Vulnerabilities: FortiGuard Labs covered more than 200 new vulnerabilities this period, nearly double the number in the last report.
• Flash and Excel Vulnerabilities: Four Flash and Excel vulnerabilities were disclosed and patched this period.
Top 10 Attacks for June 2010
Fortinet’s monthly threat report is compiled from threat statistics and trends for June based on data collected from the company’s FortiGate network security appliances and intelligence systems located around the world.