Complacency by PC users means hackers are having it easy says Fortinet Australia New Zealand regional systems engineer Nelson DaSilva.
“Viruses can still be reactivated years after they are discovered and patches ‘solve’ the problem. For example, we’re detecting Trojans in the list, which have re-emerged. PC users need to ensure they have the latest security protection.”
Fortinet is also coming across more sophisticated threats, he says.
“Malware senders are using a system called ‘pump and dump’, where malware is now included in PDF mail attachments and pumped out around the world. When the receiver opens the PDF they download the malware with no knowledge.”
DaSilva claims it is also detecting user pages on social networking sites such as MySpace and Facebook that are malware phishing threats in disguise.
“The user will get a friendly invite and think that this is a person who wants to make contact with them. Our advice is if you don’t know the person then don’t access the page, as it could be a phisher trying to access your personal information.”
Two new threats debuted on Fortinet’s monthly top 10 list in October: the mass mailer MyTob.CJ (also known as MyDoom) reached the 10th position, up from last month’s 65th spot.
The Trojan Clicker.AC entered in fifth position, doubling its activity compared to last month with high spikes observed towards the end of October. Netsky.P is still active with the combination of Netsky.P and Netsky! Similar representing the highest volume detected last month, with 11.61 percent of the overall reported activity.
Fortinet threat researchers reported a general decrease in activity for mass mailing during the first half of the year. Four mass mailers were ranked in the top 10 for October, showing that this type of malware still accounts for a large portion of high-risk threats.
“Mass mailers use emails to spread, and can easily end up in any individual’s inbox. Most current mass mailers are multi-functional and can serve as gateways to expose private data or allow remote control of the system. As a result, they still represent a real threat for end-users,” DaSilva says.
October’s top-10 reported email threats: