The following statistics are compiled from Fortinet's FortiGate network security appliances and intelligence systems for the period September 21st - October 20th, 2008.
## Top 10 Exploitations

Top 10 exploitation attempts detected for this period, ranked by vulnerability traffic. Percentage indicates the portion of activity the vulnerability accounted for out of all attacks reported in this edition. Severity indicates the general risk factor involved with the exploitation of the vulnerability, rated from low to critical. Critical issues are outlined in bold:

| Rank | Vulnerability | Percentage | Severity |
|---|---|---|---|
| 1 | Trojan.Storm.Worm.Krackin.Detection | 39.7 | High |
| 2 | Worm.Slammer | 34.6 | High |
| 3 | PhpInclude.Worm.B | 5.5 | High |
| 4 | invalid_length | 1.7 | Low |
| 5 | **TCP.Bad.Flags** | 1.1 | **Critical** |
| 6 | SSH.Brute.Forcer | 1.0 | Low |
| 7 | invalid_encoding | 0.8 | Low |
| 8 | large_fragsize | 0.8 | High |
| 9 | Danmec.Asprox.SQL.Injection | 0.7 | High |
| 10 | **chunk_overflow** | 0.4 | **Critical** |

## New Vulnerability Coverage

## Top 10 Variants

Top 10 malware activity by individual variant. Percentage indicates the portion of activity the malware variant accounted for out of all malware threats reported in this edition. Top 100 shifts indicate positional changes compared to last edition's Top 100 ranking, with "new" highlighting the malware's debut in the Top 100. Figure 2 below shows the detected volume for the malware variants listed within the Top 5:

## Regions & Volume

Top 5 regions for this period, ranked by distinct malware volume reported. Distinct malware volume indicates the number of unique virus names (variants) that have been detected in the given regions, as opposed to total malware volume, which indicates the accumulated number of all reported incidents. Six-month trends are also given up to the last calendar day of the most recently completed month. Figures 3a-3c below show these statistics:
For more information on daily activity per region, please visit our Virus World Map.

## Circulating Spam

### Spam Rate

The global spam rate is shown on a daily basis for this edition's given period. Spam rate indicates the accumulated emails which have been tagged as spam, in comparison to total email traffic. Statistics are graphed for business working days, and shown in Figure 4 below:

Figure 4: Spam rate compared to global email

### Top 3 In The Wild

Top 3 spam e-mails observed for this period, ranked by reported volume. Figures 5a-c below illustrate the most popular message tactics used during recent spam campaigns:
## Crawling The Web

### Web Threat Traffic

Selected Web categories for this period, ranked by traffic volume. Percentage indicates the web traffic volume the respective category accounted for throughout this period, compared to total web traffic categorized. Figure 6 below shows the distribution of malware, spyware, and phishing traffic for this period to reflect the distribution of web threats.
## Activity Recap

This month we break out an exciting new format to reflect on a vast threatscape that is continuously shifting. In antivirus, the top 10 prevalent variants were almost purely related to rogue security software (aka "scareware"). Only W32/Goldun.AZL, W32/Netsky and W32/Virut managed to stay in the list despite strong activity from rogue security malware. W32/Netsky came in at 9th position, barely clinging onto a seemingly infinite reign in our top 10. W32/Virut.A continues to have a surprisingly strong grip, landing in a top six position for eight consecutive months despite all of the rogue activity. The threatscape is changing, triggered by a dramatic shift last month thanks to rogue variants that continue to plague cyberspace. Fortinet security researcher Derek Manky observed this in last month's War of the Rogues analysis. This shift is highlighted in Figure 3b, as total malware volume has been on the rise since July 2008 after a long and steady fall in activity. While malware volume has recently been on a sharp rise, the number of detected variants in the wild (Figure 3c) has declined. This means we are seeing more aggressive seeding of these variants, in part for the reasons mentioned above.

In the ancient world of spam, one still needs to exercise extreme caution when browsing his or her inbox. Take Figure 5b for example, our second most circulated spam seen in this edition. The email employs fear mongering at its best, using perhaps one of the hottest current topics (the financial crisis) in order to lure the victim into clicking on a link with the promise of a better future. On top of unsolicited commercial emails (spam), what may seem like an innocent email can take you to a malicious place; this is exactly the cautious mentality that should be in place when opening electronic mail. We always recommend that you "think before you link", as there are many scams, exploits and pieces of malware lurking around the corner.
Of the 66 vulnerabilities added this edition, 18 of them, or roughly 27 percent, were reported to be actively exploited. Old exploits are still commonly used to launch attacks, leveraging holes in software that people have not bothered to patch on their machines. While this is bad enough, even fresh ones are being actively pursued. This should serve as a reminder that updating all software with patches on a daily basis is an essential practice for thwarting threats, layered with a trusted intrusion prevention system.

## Solutions

Customers who use Fortinet’s FortiGuard Subscription Services should already be protected against the threats outlined in this report. Threat activity is compiled by Fortinet's FortiGuard Global Security Research Team using data gathered from its intelligence systems and FortiGate™ multi-threat security appliances in production worldwide. FortiGuard Subscription Services offer comprehensive security solutions including antivirus, intrusion prevention, Web content filtering and antispam capabilities. These services enable protection against threats on both application and network layers. FortiGuard Services are continuously updated by the FortiGuard Global Security Research Team, which enables Fortinet to deliver a combination of multi-layered security intelligence and true zero-day protection from new and emerging threats. These updates are delivered to all FortiGate, FortiMail and FortiClient products.