Top Reported Threats for July 2007
Press Release
Fortinet Announces Top Reported Threats for July 2007
Sydney, August 3rd 2007 – Fortinet® – the pioneer and leading provider of unified threat management (UTM) solutions – today announced the top 10 most reported high-risk threats for July 2007. The report, compiled from all FortiGate™ multi-threat security systems in production worldwide, is a service of Fortinet’s FortiGuard Global Security Research Team.
July 2007’s top 10 threats, as determined by the degree of prevalence, are:
| Rank | Threat Name | Threat Type | % of Detections |
|------|-------------|-------------|-----------------|
| 1 | W32/Netsky.P@mm | Mass mailer | 9.52 |
| 2 | HTML/Iframe_CID!exploit | Exploit | 8.42 |
| 3 | W32/Bagle.DY@mm | Mass mailer | 4.71 |
| 4 | W32/Dialer.PZ!tr | Trojan | 3.62 |
| 5 | W32/Grew.A!worm | Worm | 3.09 |
| 6 | W32/ANI07.A!exploit | Exploit | 2.88 |
| 7 | W32/Netsky!similar | Mass mailer | 2.66 |
| 8 | W32/Bagle.GT@mm | Mass mailer | 2.53 |
| 9 | W32/Sober.AA@mm | Mass mailer | 2.30 |
| 10 | W32/Virut.fam | Virus | 2.27 |
The July top 10 highlights the following:
- An increase in the breadth of detection caused a lowering of the Top 10 percentages overall.
- Netsky.P, which last month was catching up to Bagle.DY, has now surpassed it, just about doubling its performance.
- ANI07.A is still holding on, despite a patch being released, which means it is either still effective or it is not being sufficiently cleaned off of public Web sites.
- The email based Iframe_CID exploit has moved higher than normal, perhaps owing some of its success to Netsky.P's mass mailer component and its own recent rise in activity.
Last month, the most popular trend the FortiGuard team spotted was the inundation of rogue electronic greeting cards, fueled by the “Storm Worm” (aka W32/Tibs), whose creators seemingly decided to broaden the peer-to-peer botnet via this well-known strategy. However, what’s new about the Storm Worm is the method of attack and how it can compromise a Web browser. The only innovation in the malicious e-card storm lies in the following fact: should a user, by mistake or intentionally, request the index page rather than paste the full malicious link into the browser (or click on it, if HTML is enabled in the mail client), the Web server would deliver a load of malicious JavaScript to the user’s Web browser.
Indeed, a look back at recent events such as the MPack "drive-by-install" case, where malicious IFrames silently redirected hundreds of thousands of visitors of legitimate – but hacked – Web sites to a page full of malicious scripts, seems to highlight browser exploitation as the new "big thing" among virus writers. Figures tend to confirm this: Since January, the impact of exploits in malicious activity has almost doubled, to reach five percent of the global malware activity in July.
“The slight shift toward browser exploitation partly lies in the fact that it bypasses any form of user interaction, hence rendering user education useless,” said Guillaume Lovet, manager for the FortiGuard Global Security Research Team. “While we are entering the Web 2.0 era, most of our data and applications are shifting from the desktop to online. The Web browser is our gateway to those, and therefore becomes absolutely centric.”
To read the full July report, please visit http://www.fortiguardcenter.com/reports/roundup_jul_2007.html. For ongoing threat research, bookmark the FortiGuard Center (http://www.fortiguardcenter.com/) or add it to your RSS feed by going to http://www.fortinet.com/FortiGuardCenter/rss/index.html. To learn more about FortiGuard Subscription Services, visit http://www.fortinet.com/products/fortiguard.html.
About Fortinet (www.fortinet.com)
Fortinet is the pioneer and leading provider of ASIC-accelerated unified threat management, or UTM, security systems, which are used by enterprises and service providers to increase their security while reducing total operating costs. Fortinet solutions were built from the ground up to integrate multiple levels of security protection--including firewall, antivirus, intrusion prevention, VPN, spyware prevention and anti-spam -- designed to help customers protect against network and content level threats. Leveraging a custom ASIC and unified interface, Fortinet solutions offer advanced security functionality that scales from remote office to chassis-based solutions with integrated management and reporting. Fortinet solutions have won multiple awards around the world and are the only security products that are certified eight times over by ICSA Labs (firewall, antivirus, IPSec, SSL, IPS, client antivirus detection, cleaning and antispyware). Fortinet is privately held and based in Sunnyvale, California.
# # #
Fortinet is a registered trademark of Fortinet, Inc. Fortinet, FortiGate, FortiOS, FortiAnalyzer, FortiASIC, FortiCare, FortiManager, FortiWiFi, FortiGuard, FortiClient, and FortiReporter are trademarks of Fortinet, Inc. in the United States and/or other countries. All other trademarks referred to herein are the property of their respective owners.
ENDS