Hacktivists Turn to ZmEu Scanning Tool to Compromise Websites, Fortinet Finds

The company also details some of the most prevalent money-making malware

Fortinet has released its FortiGuard threat landscape research report for October 1 – December 31, 2012. The study highlights some interesting things about money-making malware and about the tools used by hacktivists in the last quarter of 2012.

The company detected high activity levels in the use of ZmEu, a web scanning tool that’s designed to identify servers running vulnerable versions of phpMyAdmin.

Developed by Romanian hackers, ZmEu can be used to determine which servers can be easily compromised.

According to the company, activity levels increased ninefold between September and December 2012.

“This activity spike suggests a heightened interest by hacktivist groups to facilitate various protests and activist movements around the world. We expect such scanning activity to remain high as hacktivists pursue an ever-increasing number of causes and publicise their successes,” said Guillaume Lovet, senior manager of FortiGuard Labs' threat response team.

As far as money-making malware is concerned, Fortinet has identified four malicious elements that stood out during the last quarter of the past year.

One of them is Simda.B. The malware poses as a Flash update to trick users into installing it. Once it is on a computer, it is capable of stealing all sorts of valuable information that helps the attackers siphon money from payment system accounts.

Scareware has always been profitable, and FakeAlert.D is a perfect example. The fake antivirus warns victims that there is malware on their computers. In order to clean it up, the user must pay a fee.

Ransomware is also highly efficient when it comes to making money. Ransom.BE78 is one of the variants that stood out in the last part of 2012.

Finally, there’s Zbot.ANQ, the client-side component of the notorious ZeuS. It’s capable of intercepting all the information needed by cybercriminals to gain access to the victims’ bank accounts.
