Top Reported Threats for December 2007
Fortinet Announces Top Reported Threats for December 2007
Sydney – Jan. 15, 2008 – Fortinet®, a pioneer and leading provider of unified threat management (UTM) solutions, today announced the top 10 most reported high-risk threats for December 2007. The report is compiled by Fortinet's FortiGuard Global Security Research Team using intelligence gathered from FortiGate™ multi-threat security systems in production worldwide.
December 2007's top 10 threats, as determined by the degree of prevalence, are:

Rank  Threat Name                Threat Type   % of Detections
1     W32/Netsky!similar         Mass mailer   11.05
2     HTML/Iframe_CID!exploit    Exploit        8.47
3     W32/MyTob.FR@mm            Mass mailer    3.40
4     W32/Lovgate.X2@mm          Mass mailer    2.90
5     W32/ANI07.A!exploit        Exploit        2.82
6     W32/Bagle.DY@mm            Mass mailer    2.57
7     W32/Zafi.D@mm              Mass mailer    2.20
8     W32/Istbar.PK!tr.dldr      Trojan         1.93
9     Adware/Bdsearch            Adware         1.83
10    Adware/TCent               Adware         1.80
The December Top 10 threat report highlights the following:
- Mass mailers accounted for many of the top ten threats in December, especially through the holiday season. The Netsky!similar threat accounted for the highest volume of activity detected this month, with 11.05 percent of the overall reported activity, and three mass mailers - MyTob.FR, Lovgate.X2, and Zafi.D - entered the top ten list.
- TCent and Bdsearch adware, which also appeared in last month's report, maintained their positions in the top ten list. Meanwhile, the ANI07.A exploit remained very active, claiming a strong position in the top ten for the ninth consecutive month.
- The Istbar.PK trojan, which installs a search toolbar on the user's Web browser and can download various adware and trojans, reached the eighth position on the top ten list -- up from the twenty-fifth position last month.
Fortinet security researchers reported at the end of December a "Merry Christmas" spam that was created by the Storm social engineering group and sent out just before Christmas with the intent to leverage the high volume of online activity. The spam contained links to a Website, which enticed users to follow another link that ultimately led to the Storm infection. Since then, a new wave of spam from Storm that capitalizes on New Year's celebrations has been monitored, using links that point to a server-side polymorphic executable of Storm.
In a more general analysis of the year, Fortinet security researchers reported that malicious Webpages were a major vector of infection in 2007 – possibly because this malware technique does not require any user interaction and can consequently be more effective than traditional vectors of infections such as email.
There are three main ways to drive traffic to malicious Web servers: via 'mass-compromising', which is usually achieved by hacking a Web-hosting company server; via search engine results poisoning, which is done by SEO malware sites that seed Web search results by interlinking a large number of keyword-filled pages; or via a combination of both.
With infection rates as high as twelve percent, as indicated by statistics from live MPack servers during one of the major mass-injection attacks this year, malicious Webpages are more effective than infected emails. Infected emails currently have a click-through rate of around one out of several tens of thousands. This relatively high Web infection rate, combined with the fact that Web traffic is scanned to a lesser extent than email traffic, continues to make malicious Webpages a major threat for 2008.
"It has become more and more difficult to distinguish malicious Webpages from clean ones," said Guillaume Lovet, threat research team manager at Fortinet. "In order to help avoid infection, we advise users to ensure their browsers are perfectly up-to-date prior to surfing the Web, carefully activate JavaScript on a per-site basis, and when possible, use operating systems and Web browsers that are less likely to be targeted, such as Linux and Opera."
To read the full December report, please visit: http://www.fortiguardcenter.com/reports/roundup_dec_2007.html. For ongoing threat research, bookmark the FortiGuard Center ( http://www.fortiguardcenter.com/) or add it to your RSS feed by going to http://www.fortinet.com/FortiGuardCenter/rss/index.html. To learn more about FortiGuard Subscription Services, visit http://www.fortinet.com/products/fortiguard.html.
About Fortinet (www.fortinet.com)
Fortinet is the pioneer and leading provider of ASIC-accelerated unified threat management, or UTM, security systems, which are used by enterprises and service providers to increase their security while reducing total operating costs. Fortinet solutions were built from the ground up to integrate multiple levels of security protection - including firewall, antivirus, intrusion prevention, VPN, spyware prevention and anti-spam - designed to help customers protect against network and content level threats. Leveraging a custom ASIC and unified interface, Fortinet solutions offer advanced security functionality that scales from remote office to chassis-based solutions with integrated management and reporting. Fortinet solutions have won multiple awards around the world and are the only security products that are certified in six programs by ICSA Labs (Firewall, Antivirus, IPSec, SSL, Network IPS, and Anti-Spyware). Fortinet is privately held and based in Sunnyvale, California.
# # #
Fortinet is a registered trademark of Fortinet, Inc. Fortinet, FortiGate, FortiOS, FortiAnalyzer, FortiASIC, FortiCare, FortiManager, FortiWiFi, FortiGuard, FortiClient, and FortiReporter are trademarks of Fortinet, Inc. in the United States and/or other countries. All other trademarks referred to herein are the property of their respective owners.