Rogue Security Apps Exceed 60% of Reported Malware
Rogue Security Apps Exceed 60 Percent of Reported Malware in September
SYDNEY - Oct. 1, 2008 - FortinetÂ® - the pioneer and leading provider of unified threat management (UTM) solutions - today announced the top 10 most reported high-risk threats for September 2008. For the second consecutive month, rogue security applications have dominated cyberspace - making up 61.5 percent of total activity for September.
Most notable is a six-day period between September 9 and 15, when W32/Inject.GZW!tr.bdr - the most prolific variant of the rogue security Trojans - launched an all-out campaign with volumes not before observed by Fortinet researchers. Only the Storm botnet attacks in January/February 2007 came even close to the volume generated by W32/Inject.GZW!tr.bdr this past month.
Not surprisingly, with rogue security malware claiming the top four positions in this month's Top 10 list, it also propelled the RogueSecurity family into the No. 1 position among malware family activities for the entire month. AntiVirus XP 2008 (55.5%) and XP Security Center (6%) were the two main applications that fronted the security scams in September.
"When we see unprecedented volume, as in the case of these rogue security applications, it usually indicates that the attacks are working, and that cybercriminals are trying to act fast to take full advantage of the situation. It also shows the depth of resources available to this criminal organisation," said Derek Manky, security researcher for Fortinet. "In order to not fall into these traps, consumers should ensure that the source of their security application purchases are legitimate. Consumers should look out for unsolicited system messages which typically claim to find hundreds of infections, followed by purchase requests to cleanse."
Following are the Top Ten individual threats and Top Five threat families in September.
Top Ten Worldwide Individual IT
#1 W32/Inject.GZW!tr.bdr Trojan 38.1%,
#2 W32/Inject.GZV!tr.bdr Trojan 6.7%,
#3 W32/Multidr.JD!tr Trojan 4.3%,
#4 W32/Delf.BFC!tr.dldr Trojan 3.6%,
#5 W32/Netsky!similar Mass Mailer 2.2%,
#6 W32/Goldun.AXT!tr.spy Trojan 2.1%,
#7 W32/Virut.A Virus 2.0%,
#8 HTML/Iframe_CID!exploit Exploit 2.0%,
#9 W32/Dloader.BQY!tr Trojan 2.0%,
#10 W32/Crypt.MV!tr Trojan 1.6%.
Worldwide Top Five Threat Families:
#1 RogueSecurity 61.5%,
#2 Netsky 3.5%,
#3 Goldun 3.5%,
#4 Virut 2.5%,
#5 OnlineGames 2.0%.
Fortinet's FortiGuardÂ® Global Security Research Team compiled this report based on intelligence gathered from FortiGateÂ® multi-threat security systems in production worldwide. Customers who use Fortinet's FortiGuard Subscription Services are already protected against the threats outlined in this report.
Other malware trends observed during this period include the following:
• Virut.A, a virus that infects executable files, remains strong, coming in seventh spot and bumped out of the top five for the fist time in seven months;
• Goldun.AXT, a new Trojan keylogger, generated heavy volume to claim the sixth position;
• Crypt.MV, part of the Pushdo family, clinches the final tenth spot.
To read the full September report, please visit: http://www.fortiguardcenter.com/reports/roundup_sep_2008.html.
For ongoing threat research, bookmark the FortiGuard Center (http://www.fortiguardcenter.com/) or add it to your RSS feed by going to http://www.fortinet.com/FortiGuardCenter/rss/index.html.
To learn more about FortiGuard Subscription Services, visit http://www.fortinet.com/products/fortiguard.html.
FortiGuard Subscription Services offer broad security solutions including antivirus, intrusion prevention, Web content filtering and anti-spam capabilities. These services help enable protection against threats on both application and network layers. FortiGuard Services are updated by the FortiGuard Global Security Research Team, which enables Fortinet to deliver a combination of multi-layered security intelligence and zero-day protection from new and emerging threats. These updates are delivered to all FortiGate, FortiMailâ„¢ and FortiClientâ„¢ products.
About Fortinet (www.fortinet.com)
Fortinet is the pioneer and leading provider of ASIC-accelerated unified threat management, or UTM, security systems, which are used by enterprises and service providers to increase their security while reducing total operating costs. Fortinet solutions were built from the ground up to integrate multiple levels of security protection--including firewall, antivirus, intrusion prevention, VPN, spyware prevention and anti-spam -- designed to help customers protect against network and content level threats. Leveraging a custom ASIC and unified interface, Fortinet solutions offer advanced security functionality that scales from remote office to chassis-based solutions with integrated management and reporting. Fortinet solutions have won multiple awards around the world and are the only security products that are certified in six programs by ICSA Labs: Firewall, Antivirus, IPSec VPN, SSL VPN, Network IPS, and Anti-spam. Fortinet is privately held and based in Sunnyvale, California.