FortiGuard Bulletin
A weekly email newsletter alert to the latest virus,
worm, intrusion and related malicious code threats to
enterprise and service provider networks.
Dec 5, 2006
Dear Bryan,
Latest Threat, Advisories & Reports
Monthly Roundup
Stration, Next episode: Runs and Variants
Indeed, the worm with the plan has kept
fueling discussions in the AV world (and in
the security-oriented world in general). So,
the 'plan' was really... to make some bucks (sigh
of un-surprise). Some Stration variants indeed
downloaded spam-oriented Trojans, and started to
relay medical spam (Viagra and the like...) in
high volumes.
The Phisher Worm scavenges MySpace
Hackers have once again created an exact replica
of a MySpace log-in page in order to track
personal user details. All users have to do is
click on a seemingly innocuous bulletin that a
trusted friend posts requesting that they check
out a hilarious video, and voila, they find
themselves asked to log in again by "MySpace" -
something that happens all the time on the site
due to bugs.
Vocal phish revealed
In a nutshell, it asks to leave your name,
number, and email address if you want to
magically wipe out your credit card debts. The
message goes as far as demanding ALL contact
phone numbers, stating that they cannot help the
consumers without a phone number and that emails
will not be returned.
Malware Threat
Dec 01, 2006
W32/BagleZip.GQ@mm
(Level 3)
New IPS Signatures
102498417 SMTP.RCPT.Command.Format.String
111083566 MS.Windows.Embedded.Web.Font.Buffer.Overflow
103350635 FTP.Command.STOR.Format.String
103481605 Apple.QuickTime.BMP.File.Handling.Heap.Overflow
103350634 FTP.Command.EPRT.Buffer.Overflow
104005722 IMAP.Select.Command.Directory.Traversal
103481619 IBM.Tivoli.Directory.Server.LDAP.Memory.Corruption
103481614 IMAP.STATUS.Command.Buffer.Overflow
102039908 MS.Windows.Server.Service.SMB.Rename.Code.Execution
103481618 MS.Windows.Media.Player.File.Information.Disclosure.HTTP
*Total of 34 new signatures
Top Threats
AntiVirus
Top 10 Virus
1 25% W32/Stration.DS@mm
2 12% W32/Netsky.P@mm
3 7% W32/Bagle.DY@mm
4 5% W32/Grew.A!worm
5 4% W32/BagleZip.GL@mm
6 3% W32/BagleZip.GM@mm
7 2% W32/MyTob.AQ@mm
8 2% W32/MyTob.BH.fam@mm
9 2% W32/MyTob.U@mm
10 2% W32/Netsky!similar
Top 10 Spyware
1 25% W32/Stration.DS@mm
2 12% W32/Netsky.P@mm
3 7% W32/Bagle.DY@mm
4 5% W32/Grew.A!worm
5 4% W32/BagleZip.GL@mm
6 3% W32/BagleZip.GM@mm
7 2% W32/MyTob.AQ@mm
8 2% W32/MyTob.BH.fam@mm
9 2% W32/MyTob.U@mm
10 2% W32/Netsky!similar
Top 5 Countries
1 20% United States of America
2 9% Korea, Republic of
3 8% China
4 7% Taiwan
5 6% Japan
Intrusion Prevention
Top 10 Detected Attacks
1 10% MS.ISA.Multiple.Content-Length.HTTP.Request.Smuggling
2 6% MSSQL.TDS.NULL.DoS
3 6% GET.With.Content-Length.HTTP.Request.Smuggling
4 5% MS.Exchange.XLINK2STATE.CHUNK.Overflow
5 5% MS.ASN.1.Library.Bitstring.Heap.Overflow
6 5% NTLM.Null.User.445
7 5% LSASS.Bind.9090.445
8 4% Slammer
9 3% MS.Data.Access.Components.RDS.ContentType.Buffer.Overflow
10 3% SMB.TreeConn.AndX.Deny.445
Database Versions
Antivirus - 6.877
Web Filtering - 7.193
Intrusion Prevention - 2.337
AntiSpam - 18.350 / 31.486
FortiOS v3.00 MR2
as of Dec 5, 2006 11am PT
About FortiGuard Bulletin
The FortiGuard Bulletin is a regularly-published
newsletter designed to convey information about
newly-identified network intrusion attacks, new
and emerging computer viruses and computer virus
outbreaks. Details and links to software
patches affecting large populations of computer
users are regularly mentioned.
In addition to bringing you information about
the latest computer security threats, FortiGuard
Bulletin also provides FortiGate system users
with the latest antivirus & NIDS database
version information. Recommended FortiOS
maintenance release (MR) and build number
details can be obtained from the support web
site [see quick links].
According to IDC Research, Fortinet is the #1
Worldwide provider of Unified Threat Management
Security with the unique ability to provide
ASIC-accelerated Anti-Virus, Firewall and VPN
functionality options on a single platform.
Additionally, please download IDC's Fortinet
Profile at this URL:
http://www.fortinet.com/doc/whitepaper/FortinetIDCProfile.pdf
More than a billion viruses and intrusion
attempts have been blocked by 100,000 plus
FortiGate AntiVirus Firewalls installed at
thousands of customers worldwide. Learn more
about Fortinet's newest product and service
offerings at Fortinet.com.
email: fortiguard@fortinet.com
web: http://www.fortinet.com