Ransomware resurfaces as major threat to internet users

<p>The other notable infection circulating the<a href="http://www.fortiguard.com/report/roundup_august_2010.html"> threat landscape</a> over the last month, says Fortinet, is ZBot, a do-it-yourself botnet kit that has been enhanced to malware creator with all of the tools required to build and administer a botnet that can be used for stealing banking information or identity theft.</p> <p>According to the network security vendor's August threat landscape report, ransomware is now in the number one slot in the malware charges.</p> <p>Derek Manky, the firm's project manager for cybersecurity, said that one indicator that <a href="http://www.fortinet.com">Fortinet </a>observed this month was that the ransomware application had gone server-side polymorphic, which means that the loader will connect to a single server and request a single file.</p> <p>What's interesting about the loader, however, is that Manky says that the code changes on an hourly basis in order to avoid detection.</p> <p>&quot;This is a technique typically seen with botnets, such as<a href="http://blogs.technet.com/b/mmpc/archive/2010/02/25/dismantling-waledac.aspx"> Waledac</a>, and has been picked up by the developers of TotalSecurity. This is another example of how relying purely on antivirus is not a silver-bullet approach to protecting systems from infection&quot;, he said.</p> <p>The second category of malware riding high in Fortinet's charts is Zeus/ZBot, which the IT security firm describes as a DIY botnet kit hat is designed for stealing banking information, but they can easily be used for other types of data or identity theft.</p> <p>According to Fortinet, during August, ZBot variants were seen to target US military personnel.</p> <p>What is notable about the malware, the firm says, is that a control panel application is used to maintain/update the botnet, and to retrieve/organise recovered information. A configurable builder tool also allows the author to create the executable that will be used to infect victim's computers.</p> <p>One other notable attack this month, adds the network security specialist, is the recent Windows `help center' vulnerability, which was propelled firmly into the chart.</p>

What’s Hot on Infosecurity Magazine?