Fortinet announces top reported threats for March 2007

• Email
• Print
• ( 0 )
• 

The report, compiled from all FortiGate multi-threat security systems in production worldwide, is a service of the Fortinet Global Threat Research Team.

Fortinet– the pioneer and leading provider of unified threat management (UTM) solutions – announced the top 10 most reported high-risk threats for March 2007. The report, compiled from all FortiGate multi-threat security systems in production worldwide, is a service of the Fortinet Global Threat Research Team.

The March top 10 list shows a widespread phishing attempt against a new financial institution, the return of 180 Solutions Adware, and, an unusual entry into the top 10, the Everda rootkit. This rootkit is used to hide file and registry information by patching the kernel service descriptor table. As with any emerging rootkit technology, Everda can cause issues with host-based antivirus or antispyware software, since rootkits are harder to detect once installed.

Most notable this month, the Fortinet Global Security Research Team discovered a new instance of a MySpace “phisher worm,” originally reported in November 2006. The original phisher worm was spread

largely by social networking, through individuals unwittingly promoting rogue MySpace login pages by way of bulletins (messages to all of their friends). The rogue site would then steal the user's login credentials, and a server-side program on the rogue server would then distribute the initial message to the friends of the freshly phished user.

The latest variant was likely seeded using an available database of stolen profiles that the hackers either bought or gathered via a previous phishing operation. The seemingly safe MySpace.com profiles have been covered with a transparent clickable image that directs visitors to a phishing page. When these visitors enter their credentials into the rogue site, the program sitting on the rogue server injects the malicious code into the users’ profiles, now giving their profiles the transparent clickable image, thereby furthering the propagation of the phisher worm.

“MySpace.com allows its users to embed HTML in various parts of t

heir profile pages, which is a popular Web 2.0 feature, but also a breeding ground for threats such as the phisher worm,” said Threat Research Team Manager, Guillaume Lovet. “Although the specific MySpace.com phisher worms pose immediate danger only to the site’s users, it is a reminder of the threats that exist within popular Web 2.0 communities, as well as the threats that exist to steal financial, business and medical, as well as personal information.”