58% of malware seen during August was fake anti-virus software, says Fortinet

Derek Manky, Fortinet's senior security strategist, says that the 58% fake AV share was dominated by the FraudLoad malware. Traditionally, he noted, FraudLoad installs fake anti-virus utilities on an unsuspecting user's system, but in the Fortinet labs his team has observed that it is all too common for botnet loaders like this to download additional malware, such as spambots.

Commenting on the arrival of Zeus in the number two threat slot in the monthly charts, Manky said that the surge in Zeus activity comes as no surprise, given the botnet's popularity and the fact that its source code was hacked, as well as leaked, in May of this year.

"We believe it's highly likely that we will continue to see Zeus and SpyEye – another popular botnet whose source code was also recently cracked and leaked publicly – spread in waves in the coming months", he said.

Delving into the monthly threats report reveals that the W32/Yakes botnet loader and four variants were observed spreading through spam emails using traditional major credit card manufacturer templates.

The email that arrives at the victim's inbox typically carries the subject line 'Credit card is blocked', and, notes the report, text within the email explains that the recipient's credit card was involved with illegal operations and has been disabled.

The email then, says Fortinet, advises the recipient to open an attached file for details. When the user clicks on the attachment, the Yakes botnet is installed onto their computer.
