The year-end holiday season saw a surge in Trojan activity and spam worldwide, according to network security provider Fortinet.
According to data collected from Fortinet's appliances around the world, two particular Trojans stood out during the year-end period.
These were: the W32/Zbot.GXN!tr.spy Trojan, which specialises in siphoning confidential banking information, and the gaming Trojan Spy/OnLineGames, which aims to commit theft of virtual property by illegally obtaining user passwords for online games. The former launched a four-day attack from 25–28 November, which coincided with the Black Friday shopping weekend in the United States, and Fortinet believes this was a deliberate attempt to gather as much consumer banking and credit card information as possible.
A Fortinet executive further cautioned against taking gaming Trojans lightly.
“Though taking a backseat to the keylogging and banking Trojans in this period, online-gaming attacks continue to be significant primarily due to the popularity of the games themselves and the real-world value that's associated with virtual gaming assets,” said Derek Manky, project manager, cyber security and threat research, Fortinet. “It should be noted that online gaming Trojans should be seen as a threat to users, gamers and corporations alike. Any Trojan sitting on a machine that has been compromised should be considered a threat to the network to which it is connected, as Trojans typically have a very dynamic nature.”
Fortinet also noted that the global volume of spam in December jumped nearly 11 per cent from November, as spammers regained their footing after the takedown of McColo. McColo was a Web hosting firm responsible for hosting a substantial proportion of the world's malware and botnet operators. The company ceased operations in November after two Internet providers cut off the firm's connectivity to the Web.
Spam topics during the year-end period 'took advantage of the holiday season and failing economy', according to Fortinet. Popular subject lines concerned electronic greeting cards, an undeliverable UPS package notification and a home loan modification scheme.