In October, the Dutch National Crime Squad’s High Tech Crime Team seized 143 computer servers used by the Bredolab botnet and disconnected them from the internet.
This had a positive effect on global spam in November, the Fortinet report found. “Bredolab was often used to load spam engines, which are typically used to sell fraudulent pharmaceuticals”, said Derek Manky, project manager for cyber security and threat research at Fortinet. “The scale of this Bredolab botnet had a huge impact on spam levels, dropping as much as 26% one week after it was dismantled.”
In addition, the Koobface botnet, which spams popular social media sites, was temporarily shutdown. On Nov. 14, the UK ISP provider Coreix took three of the Koobface botnet’s MotherShip servers offline. Koobface uses intermediary services to communicate with these MotherShip servers, Fortinet explained.
The Koobface botnet, however, was up and running again five days later. “We saw communication restored five days later on November 19. This is likely due to the fact that Koobface contains an FTP harvesting module”, Manky said. By reconfiguring their intermediary servers to new MotherShip servers, the operators seemingly regained control of their botnet, he added.
In November, Fortinet’s FortiGuard labs disclosed zero-day vulnerabilities in Adobe Shockwave (FGA-2010-54), Adobe Flash (FGA-2010-56), Microsoft Office PowerPoint (FGA-2010-58), and Apple QuickTime (FGA-2010-61). In addition to the four zero days, 146 additional vulnerabilities were covered by FortiGuard; 40% of which were actively exploited in the wild. As of Dec. 1, a zero-day vulnerability is still being exploited in the wild for Microsoft Internet Explorer (FGA-2010-55). All five vulnerabilities were critical and had the potential to allow attackers to execute arbitrary code from a remote location, the company said.
Fortinet recommended that users keep all application patches up to date and use intrusion prevention systems to mitigate attacks against known vulnerabilities and zero-days.