Fortinet reveals March threats

Johannesburg, 12 Apr 2007

Fortinet has revealed the top 10 most reported high-risk threats for March 2007, in a report compiled from all FortiGate multi-threat security systems in production worldwide.

According to Guillaume Lovet, threat research team manager at Fortinet, during March there was a wide-spread phishing attempt against a new financial institution. He said it also heralded the return of 180Solutions Adware, and an unusual entry into the top 10, the Everda rootkit.

Lovet describes this rootkit as being used to hide file and registry information by patching the kernel service descriptor table. Everda can cause issues with host-based antivirus or antispyware software, since rootkits are harder to detect once installed.

The team also found a new instance of a MySpace "phisher worm," first reported in November 2006. The original phisher worm was spread mostly through social networking, through individuals unwittingly promoting rogue MySpace login pages by way of bulletins (messages to all of their friends). The rogue site would then steal the user's login credentials, and a server-side programme on the rogue server would then distribute the initial message to the friends of the freshly phished user.

<B>ITWeb Security Summit 2007</B>

Taking place from 22 - 25 May 2007 at Vodaworld, ITWeb's Security Summit will bring together international and local IT and security professionals, practitioners, industry experts and analysts. Delegates will gain an understanding of the key tools, techniques and strategies needed to safeguard their organisations' most valuable asset - information. International security guru, Bruce Schneier, and creator of the PGP e-mail encryption protocol, Phil Zimmermann, will deliver the opening keynote addresses. Click here for booking information.

He says the latest variant was likely seeded using an available database of stolen profiles that the hackers either bought or gathered via a previous phishing operation. The seemingly safe MySpace.com profiles have been covered with a transparent clickable image that directs visitors to a phishing page. "When these visitors enter their credentials into the rogue site, the programme sitting on the rogue server injects the malicious code into the users' profiles, now giving their profiles the transparent clickable image, thereby furthering the propagation of the phisher worm."

"MySpace.com allows its users to embed HTML in various parts of their profile pages, which is a popular Web 2.0 feature, but also a breeding ground for threats such as the phisher worm," Lovet adds. "Although the specific MySpace.com phisher worms pose immediate danger only to the site's users, it is a reminder of the threats that exist within popular Web 2.0 communities, as well as the threats that exist to steal financial, business and medical, as well as personal information."

For the full report, go to: http://www.fortiguardcenter.com/reports/roundup_mar_2007.html.