Botnets drive the rise of ransomware

Ransomware is the dominant threat this month: nine of the ten entries in the malware top ten list are either scareware or ransomware that infests the victim's PC. Fortinet observed that the primary distributors behind these threats are two of the most notorious botnet "loaders", Bredolab and Pushdo. Another important finding is the aggressive entrance of a new zero-day threat into FortiGuard's top ten attack list, MS.IE.Userdata.Behavior.Code.Execution, which accounted for 25 percent of the attack activity detected in March.

Key threat activities for the month of March include:

SMS-based ransomware high activity
A new ransomware threat, DigiPog, is a Russian-language SMS blocker: it locks the user out of the system and aggressively kills popular applications such as Internet Explorer and Firefox until a valid unlock code is entered into the field it presents to the user. To obtain the code, the user must send an SMS message to the premium number shown on screen and receives a code in return. Upon execution, DigiPog also registers the infected machine's MAC address with its command server, which lets the operators tie each payment to a specific victim. This is the first time SMS-based ransomware has entered Fortinet's top ten list, a sign that the rise of ransomware is well under way.

The competition gets tough
While the infamous Bredolab and Pushdo botnets are behind most of this month's ransomware activity, a challenger has been particularly active. Sasfis, another botnet loader, moved up eight positions in our Top 100 attack list compared with last month, landing in fifth place just behind Gumblar and Conficker network activity. Sasfis is the latest example of a simplified, loader-style botnet whose only job is to install whatever its operators are paid to deliver; such botnets are used heavily for malicious business services (crime as a service).

Zero-day attack forces its way in
A new zero-day threat aggressively entered FortiGuard's top ten attack list: MS.IE.Userdata.Behavior.Code.Execution. This exploit triggers a vulnerability in Internet Explorer that allows remote code execution via a drive-by download; the victim only has to load a malicious or compromised web page, and no further user interaction is required. Accounting for one fourth of the attack activity detected in March, the exploit ranked number two in our top ten attacks for the month and remains very active, predominantly in Japan, Korea and the U.S. Because the vulnerability is in the browser itself rather than in a plug-in, patching Internet Explorer and filtering the exploit at the network edge are the practical defences until the fix is deployed everywhere.

“As we predicted for 2010, cybercriminals are clearly pursuing new ways to lure consumers and threaten the enterprise at large. Troublesome zero-day exploits continue to attack popular client-side software, while methods such as ransomware and crime as a service help them increase their reach and make their attacks more effective against end users,” said Derek Manky, project manager, cyber security and threat research, Fortinet. “With cybercrime techniques getting more sophisticated every day, it is critical to educate users on the importance of having the right security software and patches in place. Robust security services and safe practice can help protect consumers and organizations against known vulnerabilities, but also unknown ones such as zero-day threats.”