Malware volume increases as Sasfis botnet proliferates

Of the top 10 malware variants tracked by Fortinet over the last month, the network security provider claims eight hailed from the Sasfis family. This is according to the July 2010 Threat Landscape report put out by the firm’s FortiGuard Labs.

Fortinet said the Sasfis botnet has shifted from downloading and executing software, namely fake anti-virus, to a focus on downloading updated spamming modules. The company warns that typical Sasfis spam examples include fake UPS invoices and Facebook photo links.

“Spam bots continue to diversify, sending a variety of spam themes on a frequent basis,” said Derek Manky, project manager, cyber security and threat research for Fortinet. “This month we observed various socially engineered emails that came with HTML attachments. These attachments further contained obfuscated JavaScript which would redirect users to malicious sites.”

Fortinet cites the rise of the Sasfis botnet as the major contributor to an overall increase in detected malware volume. The company’s tracking data showed a dip in overall volume beginning in February, but the total volume of malware detected by its lab has returned to levels seen earlier this year.
