Rogue Security Apps Strike Again on Fortinet's Most-Reported Threats for September 2008: Financial News

Rogue Security Apps Strike Again on Fortinet's Most-Reported Threats for September 2008
Wednesday October 1, 2008 12:00 pm ET

SUNNYVALE, CA--(MARKET WIRE)--Oct 1, 2008 -- Fortinet® -- the pioneer and leading provider of unified threat management (UTM) solutions -- today announced the top 10 most reported high-risk threats for September 2008. For the second consecutive month, rogue security applications have dominated cyberspace -- this time with a vengeance -- making up 61.5 percent of total activity for September. Most notable is a six-day period between September 9 and 15, when W32/Inject.GZW!tr.bdr -- the most prolific variant of the rogue security Trojans -- launched an all-out campaign with volumes not before observed by Fortinet researchers. Only the Storm botnet attacks in January/February 2007 came even close to the volume generated by W32/Inject.GZW!tr.bdr this past month.

Not surprisingly, with rogue security malware claiming the top four positions in this month's Top 10 list, it also propelled the RogueSecurity family into the No. 1 position among malware family activities for the entire month. As they were in last month's report, AntiVirus XP 2008 (55.5%) and XP Security Center (6%) were the two main applications that fronted the security scams in September.

"When we see unprecedented volume, as in the case of these rogue security applications, it usually indicates that the attacks are working and cybercriminals are trying to act fast to take full advantage of the situation. It also shows the depth of resources available to this criminal organization," said Derek Manky, security researcher for Fortinet. "In order to not fall into these traps, consumers should ensure that the source of their security application purchases are legitimate. Consumers should look out for unsolicited system messages which typically claim to find hundreds of infections, followed by purchase requests to cleanse."

Fortinet's FortiGuard® Global Security Research Team compiled this report based on intelligence gathered from FortiGate® multi-threat security systems in production worldwide. Customers who use Fortinet's FortiGuard Subscription Services are already protected against the threats outlined in this report.

Other malware trends observed during this period include the following:

 
--  Virut.A, a virus that infects executable files, remains strong, coming
    in seventh spot and bumped out of the top five for the fist time in seven
    months;

--  Goldun.AXT, a new Trojan keylogger, generated heavy volume to claim
    the sixth position;

--  Crypt.MV, part of the Pushdo family, clinches the final tenth spot.

Following are the Top Ten individual threats and Top Five threat families in September. Top 100 shifts indicate positional changes compared to August's Top 100 ranking, with "new" representing the malware's debut in the Top 100.

 
Top Ten Individual Threats

                                              % of      Top 100
Rank         Threat Name       Threat Type Detections    Shift
       ----------------------- ----------- ----------- -----------
1        W32/Inject.GZW!tr.bdr      Trojan        38.1         new
       ----------------------- ----------- ----------- -----------
2        W32/Inject.GZV!tr.bdr      Trojan         6.7         new
       ----------------------- ----------- ----------- -----------
3            W32/Multidr.JD!tr      Trojan         4.3          -2
       ----------------------- ----------- ----------- -----------
4         W32/Delf.BFC!tr.dldr      Trojan         3.6         new
       ----------------------- ----------- ----------- -----------
5           W32/Netsky!similar Mass Mailer         2.2          -2
       ----------------------- ----------- ----------- -----------
6        W32/Goldun.AXT!tr.spy      Trojan         2.1         new
       ----------------------- ----------- ----------- -----------
7                  W32/Virut.A       Virus         2.0          -2
       ----------------------- ----------- ----------- -----------
8      HTML/Iframe_CID!exploit     Exploit         2.0          +1
       ----------------------- ----------- ----------- -----------
9           W32/Dloader.BQY!tr      Trojan         2.0         new
       ----------------------- ----------- ----------- -----------
10             W32/Crypt.MV!tr      Trojan         1.6         new
       ----------------------- ----------- ----------- -----------


Top Five Families

          Malware
Rank      Family      Percentage   Top 10 Shift
       ------------- ------------- -------------
1      RogueSecurity          61.5           new
       ------------- ------------- -------------
2             Netsky           3.5            -1
       ------------- ------------- -------------
3             Goldun           3.5           new
       ------------- ------------- -------------
4              Virut           2.5             -
       ------------- ------------- -------------
5        OnlineGames           2.0            -3
       ------------- ------------- -------------

To read the full September report, please visit: http://www.fortiguardcenter.com/reports/roundup_sep_2008.html. For ongoing threat research, bookmark the FortiGuard Center (http://www.fortiguardcenter.com/) or add it to your RSS feed by going to http://www.fortinet.com/FortiGuardCenter/rss/index.html. To learn more about FortiGuard Subscription Services, visit http://www.fortinet.com/products/fortiguard.html.

FortiGuard Subscription Services offer broad security solutions including antivirus, intrusion prevention, Web content filtering and anti-spam capabilities. These services help enable protection against threats on both application and network layers. FortiGuard Services are updated by the FortiGuard Global Security Research Team, which enables Fortinet to deliver a combination of multi-layered security intelligence and zero-day protection from new and emerging threats. These updates are delivered to all FortiGate, FortiMail(TM) and FortiClient(TM) products.

About Fortinet (www.fortinet.com)

Fortinet is the pioneer and leading provider of ASIC-accelerated unified threat management, or UTM, security systems, which are used by enterprises and service providers to increase their security while reducing total operating costs. Fortinet solutions were built from the ground up to integrate multiple levels of security protection -- including firewall, antivirus, intrusion prevention, VPN, spyware prevention and anti-spam -- designed to help customers protect against network and content level threats. Leveraging a custom ASIC and unified interface, Fortinet solutions offer advanced security functionality that scales from remote office to chassis-based solutions with integrated management and reporting. Fortinet solutions have won multiple awards around the world and are the only security products that are certified in six programs by ICSA Labs: Firewall, Antivirus, IPSec VPN, SSL VPN, Network IPS, and Anti-spam. Fortinet is privately held and based in Sunnyvale, California.

Copyright © 2008 Fortinet, Inc. All rights reserved. The symbols ® and (TM) denote respectively federally registered trademarks and unregistered trademarks of Fortinet, Inc., its subsidiaries and affiliates, including, but not limited to, the following trademarks: Fortinet, FortiGate, FortiGuard, FortiManager, FortiMail, FortiClient, FortiCare, FortiAnalyzer, FortiReporter, FortiOS, FortiASIC, FortiWiFi, FortiSwitch, FortiVoIP, FortiBIOS, FortiLog, FortiResponse, FortiDB, APSecure, and ABACAS. Other trademarks belong to their respective owners.