The two main Bredolab variants detected this month were W32/Bredo.G and W32/Bredolab.X, most notably included in fake DHL invoice spam campaigns.

Derek Manky, project manager, cyber security and threat research, Fortinet commented: “We’re seeing record levels of scareware building off volume from September, and the danger in these threats is only becoming more serious as the methods for delivery evolve and the blending of attacks bring more complexity.
“As we’ve seen in the consistency of repeated threats, the old schemes are still proving to be good methods. Enterprises and consumers must take equal responsibility in understanding the disguises of these threats and implementing a multi-pronged security solution that addresses the different and changing characteristics of tried and true tactics,” he added

During the month of October 2009 Scareware tactics have reached all time high, with worst ever attacks reported. Seven of the top ten malware variants detected linked back to scareware, with scareware tactics diverging to include botnets, corrupted advertisements and SEO attacks.

The most notable development in October 2009 was the preponderance of AntiVirus Pro 2010 rogue security software, which when installed will contact a remote server in order to obtain malicious payload and receive updated copies; a trojan downloader named Bredolab which is now downloading AntiVirus Pro 2010 installers and the ZBot keylogger; and the ongoing development of affiliate programs that tempt participants with a handsome pay-out on each software download purchased. Tools and kits are readily available to participating affiliates, accelerating the distribution of scareware and other malicious components.

Read the full October Threatscape report, which includes the top threat rankings in each category.