In January, hackers exploited 61% of new vulnerabilities during the month, compared to a typical exploitation rate of between 30% and 40% per month, Fortinet said in its January 2011 threat landscape report.
“Hackers are sinking their teeth into unprotected systems, thanks to readily available exploit code and attack frameworks that support these new vulnerabilities”, said Derek Manky, senior security strategist at Fortinet’s FortiGuard Labs. “Since they are freshly disclosed, not everyone may have up-to-date signatures or proper patches in place. It is imperative to ensure both are updated in a timely fashion in order to effectively combat this threat”, he added.
The top three malware threats in January were Feebs, Buzus, and Virut trojans, the report found. Feebs is a mass mailer that uses JavaScript to infect systems. Buzus was more prevalent in the spam area, sending infected attachments of itself using a variety of spam campaigns.
Two variants of Virut were discovered in January, and they are receiving commands from Virut controllers to download and execute malware: Virut.U, which uses an updated internet relay chat (IRC) channel and encrypts traffic to this channel, and Virut.A, which connects to the IRC service “proxim.ircgalaxy.pl” unencrypted.
Virut is a rigid file infector that contains a bot component, making it difficult to clean since it spreads to thousands of files on a system once it hits. FortiGuard Labs observed Virut downloading other botnets, meaning an infected system could have multiple pieces of malware in place. Virut is one of the most persistent botnets, because it is tough to remove from an infected system, uses a public IRC domain, and has hybrid spreading capabilities, according to the report.
Fortinet said it saw another significant decline in global spam rates from Dec. 27 to Jan. 10. The previous decline was in November, due to the Bredolab botnet being taken offline. Spam rates began to climb back to their regular level by mid-December, however. This time Rustock contributed to the decline by dedicating the holiday period to generating cash through affiliate-based business models in lieu of spam campaigns. However, spam rates have started to rise again after Rustock received commands to recommence its spam routines, the company said.