Exploitations and malware report from Fortiguard Center - December 2008 edition

Top 10 Exploitations

Top 10 exploitation attempts detected for this period, ranked by vulnerability traffic. Percentage indicates the portion of activity the vulnerability accounted for out of all attacks reported in this edition. Severity indicates the general risk factor involved with the exploitation of the vulnerability, rated from low to critical. Critical issues are outlined in bold:
Rank | Vulnerability | Percentage | Severity
1 | Trojan.Storm.Worm.Krackin.Detection | 59.5 | High
2 | MS.IIS.Web.Application.SourceCode.Disclosure | 2.5 | Medium
3 | Danmec.Asprox.SQL.Injection | 2.0 | High
4 | TCP.PORT0 | 1.8 | Low
5 | SSLv3.SessionID.Overflow | 1.6 | High
6 | MS.Exchange.Mail.Calender.Buffer.Overflow | 0.8 | High
7 | MS.Network.Share.Provider.Unchecked.Buffer.DoS | 0.8 | High
8 | MS.IE.HTML.Attribute.Buffer.Overflow | 0.8 | High
9 | MS.SQL.Server.Insert.Statements.Privilege.Elevation | 0.7 | High
10 | MS.SMB.DCERPC.SRVSVC.PathCanonicalize.Overflow | 0.6 | High

Norman: Summing up 2008 and predictions for 2009

Introduction

In this security article we will focus on the security trends that could be observed during 2008, and will also briefly try to look into the crystal ball to see what can be expected in 2009.

That Was the Year That Was

2008: Another year with no MAJOR incidents - but a plethora of minor

The days seem to have passed when a retrospective look at the past year could be summed up in a few major events. No particularly big incidents happened in the year that is now coming to a close.

This does not mean that the Internet community had a quiet and safe year - quite the contrary, actually. In recent years we have seen a shift in the malware landscape from "a few" major threats to an almost overwhelming amount of malware.

Phishing and spam attacks strike Twitter users

IT security and control firm Sophos has warned members of Twitter to be on their guard against an evolving attack which threatens to steal personal information from them.

Thousands of Twitter users are reporting having received direct messages from friends inviting them to visit a website. Sometimes the lure claims that they could win an Apple iPhone, and on other occasions the messages have pretended to point to funny pictures or blog articles about the recipients.

Monthly Malware Statistics from Kaspersky Lab: December 2008

Two Top Twenties have been compiled from data provided by the Kaspersky Security Network (KSN) throughout December 2008.

The first Top Twenty is based on data collected by version 2009 antivirus products. The ranking is made up of the malicious programs, adware and potentially unwanted programs most frequently detected on users’ computers.
Position | Change in position | Name
1 | 0 | Virus.Win32.Sality.aa
2 | 0 | Packed.Win32.Krap.b
3 | 2 | Trojan-Downloader.Win32.VB.eql
4 | 0 | Worm.Win32.AutoRun.dui
5 | New | Trojan.HTML.Agent.ai
6 | -3 | Trojan-Downloader.WMA.GetCodec.c
7 | 10 | Virus.Win32.Alman.b
8 | 12 | Trojan.Win32.AutoIt.ci
9 | -2 | Packed.Win32.Black.a
10 | New | Worm.Win32.AutoIt.ar
11 | 3 | Worm.Win32.Mabezat.b
12 | 3 | Worm.Win32.AutoRun.eee
13 | New | Trojan-Downloader.JS.Agent.czm
14 | Return | Trojan.Win32.Obfuscated.gen
15 | 1 | Email-Worm.Win32.Brontok.q
16 | -3 | Virus.Win32.VB.bu
17 | -6 | Trojan.Win32.Agent.abt
18 | -8 | Trojan-Downloader.JS.IstBar.cx
19 | -1 | Worm.VBS.Autorun.r
20 | New | Trojan-Downloader.WMA.GetCodec.r

Fortinet warns about the 'CurseSMS' Mobile Attack

The "CurseSMS" attack is a remote SMS/MMS denial of service, recently discovered by Tobias Engel and disclosed at CCC. The attack consists of sending a maliciously crafted SMS to the potential target. Upon reception of the malicious SMS, the targeted device may no longer be able to receive any further SMS or MMS messages, its messaging system thereby effectively becoming deaf. Depending on the operating system version, this state may persist until the device is factory reset.

Annual virus activity review from Doctor Web

As the year comes to an end, Doctor Web sums up all events related to malware and outlines trends in its development for 2009. The share of malicious code of the total number of files scanned on user machines doubled this year while the amount of spam messages spreading malware dropped significantly due to the widely discussed closure of McColo. At the same time phishing attacks became more frequent. E-mail, removable data storage devices and web-sites have been used to spread malicious code over the Internet.

The number of files with malicious code found by anti-viruses on user machines increased steadily at the beginning of 2008 and by April it had more than quadrupled. The figure didn't change until July, when the number halved, reaching 0.01% of the total number of scanned files in August. It has remained virtually unchanged until the end of the year, which means that one scanned file out of ten thousand is infected. The diagram below illustrates dependency between the share of infected files and the total number of scanned files.

Researchers found stolen credentials in dropzones

German researchers have discovered more than 300 cybercrime servers full of stolen credentials on more than 170,000 people from 175 different countries - and it is only the tip of the iceberg, they say.

The Most Dangerous Malware of 2008 Came From the Internet

It's no surprise - surfing the Internet without security software installed brings dangerous consequences, especially since Web threats have grown by nearly 2000 percent since 2005. According to Trend Micro threat researchers, more than 50 percent of the top 100 malware of 2008 came from the Internet and were accidentally downloaded by users surfing unknown or malicious Web sites.

IE7, Firefox get security fixes

The two most popular browsers on the market each received security updates on Wednesday.

Both Mozilla and Microsoft posted patches to address flaws in the latest versions of Internet Explorer 7 and Firefox.

The Mozilla patch addresses some eight security flaws in versions 2 and 3 of the browser. Among the fixes are several vulnerabilities which could be targeted in cross-site scripting attacks, as well as one which could be exploited to remotely execute code.

Worm in alleged coupons of McDonald’s and Coca Cola

The pre-Christmas period is a lucrative time for criminal Internet gangs. The Internet community is sending pictures, presentations, information on offers – and coupons. The virus writers are taking an active part and are packing their harmful software in coupons.