Fortinet Reports Four Samples of Money Making Malware to Watch for in 2013


The word “monetize” has certainly cracked the top ten list of industry buzzwords for this year. The context typically refers to how service providers, software developers and others are attempting to leverage things like the cloud and subscription services to be faster—to the market, in the market and most importantly to getting paid for their products and services.

And, while the legitimate monetization of new products and services dominates the headlines, bad actors are equally if not more interested in monetizing their malware. It is for this very reason that the latest findings of network security firm Fortinet, in its FortiGuard threat landscape research for the period of October 1 − December 31, 2012, make for compelling if disturbing reading.

The focus by the team from FortiGuard Labs is on four typical methods cyber criminals use to extract money from their victims. The report also shows increasing activity in mobile malware variants of the Android Plankton ad kit, as well as in hacktivist Web server vulnerability scanning.

Four Money Making Malware to Watch for in 2013

Below are the bad boys FortiGuard Labs identified as spiking during the end of last year. They reflect four typical methods cyber criminals are using today to monetize their malware:

1.       Simda.B: This sophisticated malware poses as a Flash update in order to trick users into granting it full installation rights. Once installed, the malware steals the user’s passwords, allowing cybercriminals to infiltrate a victim’s email and social networking accounts to spread spam or malware, access website admin accounts for hosting malicious sites, and siphon money from online payment system accounts.

2.       FakeAlert.D: This fake antivirus malware notifies users via a convincing-looking pop-up window that their computer has been infected with viruses, and that, for a fee, the fake antivirus software will remove the viruses from the victim’s computer.

3.        Ransom.BE78: This is ransomware, a frustrating piece of malware that prevents users from accessing their personal data. Typically the infection either prevents a user’s machine from booting or encrypts data on the victim’s machine and then demands payment for the key to decrypt it. The main difference between ransomware and fake antivirus is that ransomware does not give the victim a choice regarding installation. Ransomware installs itself on a user’s machine automatically and then demands payment to be removed from the system.

4.       Zbot.ANQ: This Trojan is the "client-side" component of a version of the infamous Zeus crime-kit. It intercepts a user’s online bank login attempts and then uses social engineering to trick them into installing a mobile component of the malware on their smartphones. Once the mobile element is in place, cybercriminals can then intercept bank confirmation SMS messages and subsequently transfer funds to a money mule's account.

Guillaume Lovet, senior manager of FortiGuard Labs' Threat Response Team stated that, "While methods of monetizing malware have evolved over the years, cybercriminals today seem to be more open and confrontational in their demands for money − for faster returns…Now it's not just about silently swiping passwords, it's also about bullying infected users into paying. The basic steps users can take to protect themselves, however, have not changed. They should continue to have security solutions installed on their computers, update their software diligently with the latest versions and patches, run regular scans and exercise common sense."

Mobile users beware of Android advertising malware

In the last threat landscape report, FortiGuard Labs detected a surge in the distribution of the Android Plankton ad kit. This is a nasty one. It embeds a common toolset on a user’s Android device that serves unwanted advertisements in the user’s status bar, tracks the device’s International Mobile Equipment Identity (IMEI) number and drops icons on the device’s home screen. And, while the kit’s own activity has since plunged, copycats have increased.

As Lovet notes, "The ad kits we’ve monitored suggest that Plankton's authors are trying to dodge detection. Either that, or competing ad kit developers are trying to take a piece of the lucrative adware cake. Either way, the level of activity we’re seeing with ad kits today suggests that Android users are highly targeted and thus should be especially vigilant when downloading apps to their smartphones. " 

The best defense the team suggests is that users pay close attention to the permissions an application requests at the point of installation. It also recommends downloading only mobile applications that are highly rated and widely reviewed.
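The permission review recommended above can be done mechanically rather than by squinting at the install dialog. The script below is an added example, not code from the article or from Fortinet: it takes an app's AndroidManifest.xml (assumed to be already decoded from the APK into plain XML, for instance with apktool) and flags the permissions that line up with the behaviors the report describes: READ_PHONE_STATE for reading the IMEI that Plankton tracks, INSTALL_SHORTCUT for dropping icons, and RECEIVE_SMS plus a high-priority SMS_RECEIVED receiver, which is what a Zbot-style mobile component needs to intercept bank confirmation messages. The sample manifest, the package name and the mapping of permissions to risks are this example's own constructions, not from the report.

```python
"""Flag risky permissions and SMS interception hooks in a decoded AndroidManifest.xml."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
A = "{%s}%s" % (ANDROID_NS, "%s")  # helper for namespaced attribute names

# Example's own mapping of permissions to the behaviours described in the article
# (not a list published by Fortinet).
RISKY = {
    "android.permission.READ_PHONE_STATE": "can read the device IMEI (what the Plankton ad kit tracks)",
    "com.android.launcher.permission.INSTALL_SHORTCUT": "can drop icons on the home screen",
    "android.permission.RECEIVE_SMS": "can intercept incoming SMS, e.g. bank confirmation codes",
    "android.permission.READ_SMS": "can read stored SMS",
    "android.permission.SEND_SMS": "can send SMS (premium-rate fraud, forwarding stolen codes)",
    "android.permission.INTERNET": "can talk to the network (ad delivery, data exfiltration)",
}

# Constructed sample manifest: a 'flashlight' app that asks for far more than a flashlight needs.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.flashlight">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="com.android.launcher.permission.INSTALL_SHORTCUT"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <application android:label="Flashlight">
    <receiver android:name=".SmsReceiver">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""


def requested_permissions(manifest_xml):
    """All <uses-permission> names declared in the manifest, in declaration order."""
    root = ET.fromstring(manifest_xml)
    return [el.get(A % "name") for el in root.iter("uses-permission")]


def sms_receivers(manifest_xml):
    """(receiver name, priority) for every receiver listening for SMS_RECEIVED.
    A high priority lets the app see an SMS before the default messaging app does."""
    root = ET.fromstring(manifest_xml)
    found = []
    for recv in root.iter("receiver"):
        for filt in recv.iter("intent-filter"):
            actions = {a.get(A % "name") for a in filt.iter("action")}
            if "android.provider.Telephony.SMS_RECEIVED" in actions:
                prio = int(filt.get(A % "priority", "0"))
                found.append((recv.get(A % "name"), prio))
    return found


def review(manifest_xml, declared_purpose_needs=()):
    """Return (item, reason) findings. Permissions the app's stated purpose plausibly
    requires can be passed in declared_purpose_needs so they are not flagged."""
    findings = []
    for perm in requested_permissions(manifest_xml):
        if perm in RISKY and perm not in declared_purpose_needs:
            findings.append((perm, RISKY[perm]))
    for name, prio in sms_receivers(manifest_xml):
        findings.append(("receiver:" + name, "listens for SMS_RECEIVED at priority %d" % prio))
    return findings


if __name__ == "__main__":
    for item, reason in review(SAMPLE_MANIFEST):
        print("%-55s %s" % (item, reason))
```

The point of `declared_purpose_needs` is that the question is never "does the app ask for INTERNET" but "does a flashlight need INTERNET, READ_PHONE_STATE and an SMS receiver"; permissions that fit the app's stated purpose are noise, the rest are the signal.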

Hacktivist scanning tool tops the charts

Finally, just in case you were not uncomfortable enough with the above, the FortiGuard Labs folks detected high activity levels of ZmEu. This is a tool developed by Romanian hackers to scan Web servers for vulnerable versions of phpMyAdmin, the popular MySQL administration software, in order to take control of those servers.

The targets are an interesting lot. Lovet says, "This activity spike suggests a heightened interest by hacktivist groups to facilitate various protests and activist movements around the world. We expect such scanning activity to remain high as hacktivists pursue an ever-increasing number of causes and publicize their successes." The recommended protection is updating to the latest version of phpMyAdmin.
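Patching phpMyAdmin is the fix; knowing whether you are being scanned for it is the other half. The script below is an added example, not code from the article or from Fortinet: it runs over web-server access logs in the common combined format and flags the two things ZmEu scans are commonly recognised by, the literal "ZmEu" User-Agent and probes for setup.php under a string of guessed phpMyAdmin directory names, plus a behavioural rule (one client enumerating several phpMyAdmin-looking paths) that still fires if the scanner changes its User-Agent. The log lines and IP addresses are constructed for the example; the path list and the threshold are the example's own assumptions.

```python
"""Flag ZmEu-style phpMyAdmin probes in combined-format web access logs."""
import re

# Apache/nginx "combined" log format: ip ident user [ts] "METHOD path proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Directory names scanners guess when looking for a phpMyAdmin install (example's own list).
PMA_DIR = re.compile(r"/(phpmyadmin|pma|myadmin|mysqladmin|phpmy-?admin)\d*/", re.I)
# The classic probe target: the setup script shipped under scripts/ in old phpMyAdmin releases.
SETUP_PROBE = re.compile(r"/scripts/setup\.php$", re.I)

# Constructed sample log: one scanner (203.0.113.7) and two ordinary clients.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Jan/2013:03:14:07 +0000] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 512 "-" "ZmEu"
203.0.113.7 - - [12/Jan/2013:03:14:08 +0000] "GET /pma/scripts/setup.php HTTP/1.1" 404 512 "-" "ZmEu"
203.0.113.7 - - [12/Jan/2013:03:14:08 +0000] "GET /myadmin/scripts/setup.php HTTP/1.1" 404 512 "-" "ZmEu"
198.51.100.20 - - [12/Jan/2013:03:15:01 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.21 - - [12/Jan/2013:03:16:30 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 200 4096 "http://intranet.example/" "Mozilla/5.0"
"""


def probe_reasons(path, ua):
    """Per-request indicators: the scanner's User-Agent string and the setup.php probe."""
    reasons = set()
    if "zmeu" in ua.lower():
        reasons.add("ua-zmeu")
    if SETUP_PROBE.search(path):
        reasons.add("pma-setup-probe")
    return reasons


def scan(log_text, min_distinct_paths=3):
    """Return {ip: {"reasons": [...], "requests": n}} for clients that look like
    phpMyAdmin scanners. Lines that do not parse are skipped, not guessed at."""
    state = {}
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        f = m.groupdict()
        s = state.setdefault(f["ip"], {"reasons": set(), "pma_paths": set(), "requests": 0})
        s["requests"] += 1
        s["reasons"] |= probe_reasons(f["path"], f["ua"])
        if PMA_DIR.search(f["path"]):
            s["pma_paths"].add(f["path"].lower())

    findings = {}
    for ip, s in state.items():
        # Behavioural rule: one client trying several guessed phpMyAdmin paths is enumerating,
        # whatever its User-Agent says. A single admin visiting the real /phpmyadmin/ is not.
        if len(s["pma_paths"]) >= min_distinct_paths:
            s["reasons"].add("pma-path-enumeration")
        if s["reasons"]:
            findings[ip] = {"reasons": sorted(s["reasons"]), "requests": s["requests"]}
    return findings


if __name__ == "__main__":
    for ip, info in scan(SAMPLE_LOG).items():
        print(ip, info["requests"], "requests:", ", ".join(info["reasons"]))
```

Note that the legitimate client hitting /phpmyadmin/index.php with a referer is not reported: it touches one path and carries none of the scanner indicators. If your real phpMyAdmin lives at a guessable path, that is exactly the case where the 404s in the scanner's hits turn into 200s, and the update the report recommends is what stands between the scan and a compromise.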

What all of this points to is that the level and brashness of those with malicious intent is escalating. It used to be that much of the cyber threat came from those who just liked to poke their fingers in the eyes of the establishment or of business entities they did not like. When this got old, they got heavily into identity theft and some pretty hefty pay days.

Others plowing the malware fields include governments engaging in cyber-warfare and terrorist organizations who are doing so for a variety of reasons. One reason is to wreak havoc on financial services entities in a kind of reverse monetization scenario, i.e., benefiting from disabling the ability of others to monetize.

The bottom line, as they say, is the bottom line. What is unsettling is the move by the producers of malware to get a bigger and faster return on their investment, and their willingness to practice extortion is a problematic sign of the times.

It is not as if there were not plenty of reasons for businesses and individuals to maintain a posture of constant vigilance regarding malware. This is what has been driving interest by IT professionals and others in increasing the number and types of anti-virus precautions, developing better end user education policies, and using encryption and other security techniques to mitigate the risks of falling victim to malware.

What is a bit dispiriting is that the bad guys are extremely adroit and ingenious. This is a good reason to not just be alert on a day-to-day basis, but to also keep up with reports such as this one from Fortinet to know what is trending so you can institute best practices and have some measure of peace of mind.  

Edited by Allison Boccamazzo