February's Threat Landscape

By Sue Poremba | Mar 3, 2011
http://www.enterprisenetworkingplanet.com/netsecur/februarys-threat-landscape
Fortinet regularly sends me its threat landscape report, which provides a pretty good overview of what the bad guys are up to and what methods they are using to attack our networks and computers. This past month, Fortinet worked with Cisco, Adobe and Microsoft to address several zero-day vulnerabilities in their products. Why do this? The report explained:

The idea of course is to discover, protect against and report software security holes before black hat hackers find and exploit them. For the most part, this works - however, it is not perfect. Sometimes hackers can discover and attack an issue that has already been reported, but not yet fixed by a vendor. The larger issue is that hackers today still have success attacking vulnerabilities that have been patched, usually for some time. Make sure you have all your patches up to date, and a valid IPS solution in place to help guard against these cases.

So what kind of changes in activity did Fortinet find this month? Two particular issues: a surge in SpyEye botnet activity and a new credit card phishing e-mail.

I'll be keeping a watch on news about SpyEye, which apparently is competing with Zeus, according to a piece in eWeek Security Watch:

Much like Zeus, the SpyEye kit offers aspiring attackers a "builder module" for creating a Trojan executable and a Web-based front end panel for running a command and control center once a botnet has been effectively assembled.
Among the other features that purveyors of the kit are also marketing to potential buyers are key logger capability, an "auto fill" system for credit card modules, daily e-mail backup, and encryption functions. The toolkit even goes so far as to offer custom infection modes for going after machines in different countries.

As for the new phishing scheme, Fortinet reported:

The new credit card phishing e-mail employs a scare tactic that says the account has been "in violation of policies." In the example discovered, the highlighted link pointed to a rogue domain that did not belong to the card vendor -- however, it streamed authentic content from the card vendor's site.