Fortinet's FortiGuard Threat Landscape Research Team Reports on Four Lucrative Malware Pursuits to be Aware of in 2013

A global leader in “high-performance network security,” Fortinet (News - Alert) today announced the reports of its FortiGuard threat landscape research team for the period of October 1 - December 31, 2012.

Based on the research, FortiGuard Labs presented samples of malware that typically highlight four different methods by which cyber criminals are extracting money from the victims today.

At the same time, the study also reports a growing activity in mobile malware variants of Android’s (News - Alert) Plankton ad kit and vulnerability scanning for its hacktivist Web server.

FortiGuard Labs presented samples of four money making malware to be aware of in 2013. In the past three months, the research team has identified four malware that is being widely used, featuring high levels of unscrupulous activities within a short time period, from a day to a week.

Presented here are the four ways cyber criminals are currently monetizing their malware today:

• FakeAlert.D: This is a fake antivirus malware that notifies the users with a compelling pop-up window that shows that their computer has been infected with some virus, and for a fee, the ‘fake’ antivirus software will remove all viruses from the computer.
• Simda.B: This is a sophisticated malware that looks like a Flash update to trick the users into accepting their installation rights. Once it has been installed, the malware will steal the password of the user, enabling the cyber criminals to hack the victim’s social networking accounts and e-mail to spread the malware or spam. It can also access a website admin account to host malicious sites and drawing money from multiple online payment systems.
• Zbot.ANQ: This is a Trojan “client side” component of Zeus crime kit. It can infiltrate through a person’s internet banking login attempts, and then uses the trick of social engineering to convince the users to install a mobile component of spam into their smartphones. Once installed on the mobile phone, cyber criminals can intercept the confirmation SMS sent by the bank and transfer funds to their account.
• Ransom.BE78: This ransomware is a malware that prevents the users from accessing personal data. It either stops the user’s machine from booting, or encrypts the data on the machine and demands money to decrypt it. But unlike fake antivirus, it does not give an option to the users for installation. It automatically installs on the computer and demands a good payment to be removed.

Android Mobile Advertising Malware

FortiGuard Labs has also detected a huge surge in spreading Android Plankton ad kit. The malware skillfully embeds common toolsets into users’ android devices, which serve as unwanted advertisements in the status bar. It then tracks the user’s International Mobile Equipment Identity numbers and drops the icons on the desktop of android device.

At the same time, they reported high activity levels of ZmEu, a hacking tool that was developed to scan the Web servers that run vulnerable versions of MySQL administration software, to take control of these servers.

Fortinet is the market leader in unified threat management, and a global landmark for advanced network security appliances.