Fortinet unveils the darker side of the holiday season with its December 2010 Threat Landscape report, revealing that hackers are not only using regional-sounding domains to sound like legitimate sites, but they are also capitalizing on the holiday season by disguising malware as e-cards.
The survey exposes a revolutionary step cyber criminals are taking to diversify the distribution of their illegal gains.
“This month, we saw a wide variety of money mule recruitment campaigns that — for the first time — targeted specific countries in an orchestrated manner,” said Derek Manky, project manager of cybersecurity and threat research at Fortinet. “The campaigns, which were seeded in a number of Asian and European countries, solicited local individuals who already have or had established relationships in the banking industry or were looking for work as online sales administrators.”
To make these “localized campaigns” appear more legitimate, the criminals created regional-sounding domain names, such as cv-eur.com, asia-sitezen.com and Australia-ruseme.com.
Under further scrutiny, Fortinet’s FortiGuard team found that all three domains were registered to one Russian contact. Localized campaigns make it easier for cyber criminals to obtain mule accounts internationally, because each one falls under different governing laws and banks. If one were discovered, the others would remain online and continue their criminal activities.
Another prominent cyber threat used this holiday season was the Buzus Trojan. This malware was distributed through mass emails spoofed as holiday e-cards. Once the impostor e-card is opened, the now-infected system sends out the same holiday e-card to everyone in the system’s email address book.
Fortinet’s FortiGuard team learned that the majority of Buzus Trojans were sent from the Hiloti botnet. Hiloti uses DNS as a communication channel to watermark its report information to its servers, and it avoids detection by appearing as legitimate DNS traffic.
The full report is available on Fortinet’s site and includes the top threat rankings in several categories.