Victories continue to roll in 2011. In April, a large Coreflood (circa 2002) botnet operation was dismantled by the FBI. Servers and domains controlled by this Coreflood gang were seized. This comes off the heels of Rustock’s takedown in March, which we continue to see solid evidence of success here at FortiGuard Labs. Indeed, global spam rates have remained about 15% lower than they were before Rustock’s downfall in mid-March. It’s only a matter of time before a new spam botnet will grow large enough to start bringing spam rates back up. They’re certainly trying: we commented on a new botnet making the rounds through Facebook themed emails a recent Threat Report
FortiGuard Labs recently discovered and disclosed a vulnerability in Microsoft Office (FGA-2011-13). This was patched in Microsoft’s April Path Tuesday release, which included 17 security bulletins. Microsoft also released the advisory KB 2506014 , which addresses levels with kernel-mode rootkits – specifically the Alureon / TDL4 rootkit. One of our 2011 Threat Predictions was an increase in cyber criminal operation takedowns. We have already seen aggressive action here with success on Rustock and Coreflood. Another prediction touched on the emergence of 64-bit rootkits, specifically Alureon / TDL4. Such rootkits pose a serious threat for Windows 7 systems, since it allows free reign of Microsoft’s latest operating system for any malware that leverages such a rootkit. It is great news that Microsoft has made a move to answer this threat, and it is important that all systems are immediately patched. Cyber criminals, however, will continue their attempts to subvert the Windows 7 operating system. Safe practices, patch management and a valid security solution are good measures to mitigate threats. If we all do our part, cyberspace will no doubt be a safer place.
Leave a reply