Fortinet Reports High Risk Threats

by CXOtoday Staff    Apr 09, 2007

Fortinet has announced the top 10 most-reported high-risk threats for March 2007.

The threats are:
1. W32/Netsky.P@mm: Mass mailer: 4.62
2. W32/Bagle.DY@mm: Mass mailer: 4.44
3. HTML/Iframe_CID!exploit: Exploit: 3.93
4. W32/Grew.A!worm: Worm: 2.87
5. W32/Istbar.PK!tr.dldr: Downloader: 1.63
6. W32/Everda!tr: Rootkit: 1.56
7. Adware/Solutions180: Adware: 1.31
8. W32/Istbar.PK!tr.dldr: Downloader: 1.63
9. W32/Everda!tr: Rootkit: 1.56
10. Adware/Solutions180: Adware: 1.31

The list shows a widespread phishing attempt against a new financial institution and the return of 180Solutions Adware, along with an unusual entry, the Everda rootkit. Fortinet adds that the rootkit hides file and registry information by patching the kernel service descriptor table.

As with any emerging rootkit technology, Everda can cause issues with host-based antivirus or antispyware software, since rootkits are harder to detect once installed.

Most notable this month, the Fortinet Global Security Research Team discovered a new instance of a MySpace “phisher worm”, originally reported in November 2006.

The original phisher worm spread largely through social networking, with individuals unwittingly promoting rogue MySpace login pages by way of bulletins (messages to all their friends).

The rogue site would then steal the user’s login credentials, and a server-side program on the rogue server would distribute the initial message to friends of the freshly phished user.

Fortinet claims that the latest variant was likely seeded using an available database of stolen profiles that hackers either bought or gathered via a previous phishing operation. They further state that the seemingly safe profiles have been covered with a transparent clickable image to direct visitors to a phishing page.

“Although the specific phisher worms pose immediate danger only to the site’s users, it is a reminder of the threats that exist within popular Web 2.0 communities, as well as the threat to steal financial, business and medical, as well as personal information,” claims Lovet.