The Latest Fortinet News
Product and Solution Information, Press Releases, Announcements
| Fortinet's January '09 Threatscape Report Shows a Swell in Malicious Exploits | |
| Posted: Tue Feb 10, 2009 02:50:00 PM | |
|
In-the-Wild Exploits Penetrate Un-patched Systems; Keylogging and Spam Continue to Climb SUNNYVALE, Calif., Feb. 4, 2009 - Fortinet® - the pioneer and leading provider of unified threat management (UTM) solutions - today announced its January 2009 Threatscape report revealed a surge in exploit activity. The headline-making buffer overflow exploit to Microsoft Security Bulletin MS08-067, which was originally detected in October '08, continued to wreak havoc on un-patched machines during the end of December '08 and throughout January '09, landing in ninth position in this period's Top 10 Exploitations list. The highest recorded activity for this exploit occurred on January 14 and overall new vulnerabilities rose four percent since last period. Also climbing the ranks, online gaming malware continued to build on December's momentum with two Trojans increasing in activity. Spy/OnLineGames claimed first place on Fortinet's Top 100 malware variants list while, not far behind, W32/Dropper.VEM!tr jumped 94 spots, further highlighting a rising wave of online gaming malware designed to pilfer credentials. Fortinet's FortiGuard® Global Security Research team also observed a mounting trend in spam, which drew from ongoing economic concerns and leveraged the Presidential Inauguration as part of a social engineering campaign. "While eavesdropping keyloggers and spam-spewing botnets continued to rise in popularity this month, what's most concerning is the explosion of the now dated MS08-067 vulnerability," said Derek Manky, project manager, cyber security and threat research, Fortinet. "Propagating as far back as October '08, this vulnerability underscores the importance of proper patch management and a layered security approach to avoid epidemic outbreaks of this nature." Following are key findings from Fortinet's January 2009 Threatscape report: * Exploits/Intrusion - 43 new vulnerabilities were added to the FortiGuard IPS coverage this period, with 13 reported to be actively exploited; the number of active exploits for new vulnerabilities rose to 30.2 percent this period, up from 26.2 percent last period; * Malware - keylogging and information siphoning obtained the majority of activity reported during this period, with online gaming exploits rising up the charts; the U.S. (45.05%) and Japan (43.03%) were still the most targeted regions for malware, with China (26.77%), Taiwan (20.61%) and India (20.54%) grabbing up the 3rd, 4th and 5th positions as the top most targeted regions; * Spam -spam rates continued to increase this period and fully regained levels consistent to spam rates before the McColo take-down; driven by the financial crisis, the most popular spam campaigns included positive salary structure, diploma and education schemes and added scam tactics seeding a new botnet that centered on President Barack Obama's inauguration; * Web traffic - Web activity blocked during this period stayed in close alignment to last month's findings, with pornography maintaining the top spot at almost 70 percent; malware also consistent at nearly 20 percent and spyware and phishing activities representing the remaining 10 percent. The Fortinet FortiGuard Global Security Research team compiled threat statistics and trends for January based on data collected from FortiGate® network security appliances and intelligence systems in production worldwide. Customers who use Fortinet's FortiGuard Subscription Services should already be protected against the threats outlined in this report. To read the full January Threatscape report which includes the top threat rankings in each category, please visit: http://www.fortiguardcenter.com/reports/roundup_jan_2009.html. For ongoing threat research, bookmark the FortiGuard Center (http://www.fortiguardcenter.com/) or add it to your RSS feed by going to http://www.fortinet.com/FortiGuardCenter/rss/index.html. To learn more about FortiGuard Subscription Services, visit http://www.fortinet.com/products/fortiguard.html. FortiGuard Subscription Services offer broad security solutions including antivirus, intrusion prevention, Web content filtering and anti-spam capabilities. These services help enable protection against threats on both application and network layers. FortiGuard Services are updated by the FortiGuard Global Security Research Team, which enables Fortinet to deliver a combination of multi-layered security intelligence and zero-day protection from new and emerging threats. For products with a subscription to FortiGuard, these updates are delivered to all FortiGate, FortiMail™ and FortiClient™ products. To Purchase Fortinet Products Visit http://www.avfirewalls.com |