Friday, January 15, 2010

Threatscape Report




The following statistics are compiled from Fortinet's FortiGate network security appliances and intelligence systems for the period April 21st - May 20th, 2009.

Top 10 exploitation attempts detected for this period, ranked by vulnerability traffic. Percentage indicates the portion of activity the vulnerability accounted for out of all attacks reported in this edition. Severity indicates the general risk involved in exploiting the vulnerability, rated from low to critical. Critical issues are outlined in bold:


Figure 1a: Top 5 regions by detected exploit attempts

Top 10 malware activity by individual variant. Percentage indicates the portion of activity the malware variant accounted for out of all malware threats reported in this edition. Top 100 shifts indicate positional changes compared to last edition's Top 100 ranking, with "new" highlighting the malware's debut in the Top 100. Figure 2 below shows the detected volume for the malware variants listed within the Top 5:

Top 5 regions for this period, ranked by distinct malware volume reported. Distinct malware volume is the number of unique virus names (variants) detected in a region, as opposed to total malware volume, which is the accumulated count of all reported incidents. Total and unique malware volume trends for the last six reporting periods are also given. Figures 3a-3c below show these statistics:

For more information on daily activity per region, please visit our Virus World Map.

The global spam rate is shown on a daily basis for this edition's period. Spam rate is the share of total email traffic that was tagged as spam. The Top 5 spam regions are ranked by received spam as a share of global spam volume. Statistics are graphed for business working days and shown in Figures 4a-4b below:

Top three email threats observed for this period. Top e-mails have been filtered to highlight diverse campaigns by removing duplicates and unsolicited advertisements, which keeps the focus on scams and malicious intent. Figures 5a-c below illustrate the most popular message tactics used during recent spam campaigns:


The following list breaks down the percentage of activity blocked for selected Web categories throughout this period. Percentage indicates how much activity was accounted for out of the four selected categories. Figure 6a shows a different scope, comparing only threat traffic: Malware, spyware, and phishing. The percentage shown in Figure 6a below indicates how much activity was accounted for out of these three threat categories. Figure 6b highlights the growth (or reduction) of selected web threat activity when compared period over period:


There was quite a bit of activity this period in our malware Top 10, most notably a variant that accounted for more than thirty percent of global detected malware activity. Last report, we discussed the consistent activity from Virut and online gaming trojans, as well as the real-money trading business to which cybercriminals are flocking: gold farming, account harvesting and the like. Three gaming trojan variants were present then, with W32/Dropper.PTD in the lead, positioned just behind W32/Virut.A. This period, Virut continued its dominance in our Top Ten but was overshadowed as W32/Dropper.PTD picked up momentum in a significant way; Figure 2 clearly reflects this run. We have not seen a malware variant take such a share of activity since September 2008, when rogue security software began to plague cyberspace, though W32/Dropper.PTD still pales in comparison to the run by W32/Inject.BZW in September 2008, owing to the then-inflated malware volume on the Threatscape. Nonetheless, this activity reinforces a prediction made in our 2009 Threat Forecast (7. Let the games begin). Not to be forgotten, W32/PackWaledac.B, just one of the many Waledac variants circulating thanks to heavy server-side polymorphism, landed in seventh position, indicating the increasing presence of the malicious Waledac network. As we have warned throughout the year, this is certainly a threat to beware of.

W32/Dropper.PTD is an online gaming trojan that drops a UPX-packed DLL for use by Windows' explorer.exe. The DLL is installed as a shell execution hook, which gets it loaded into Explorer, and one such DLL was observed sniffing credentials from traffic to servers linked to "Zhu Xian," a popular MMORPG developed by Perfect World. First launched in China in 2007, the game has since expanded through licensing agreements to Malaysia, Singapore, Vietnam and Thailand (2008). Cybercriminals have indeed followed this market movement: our intelligence systems indicated heavy W32/Dropper.PTD activity in China this period, with Thailand (one of the expansion markets) in second place. A closed beta test was just announced for "Zhu Xian" in North America, with a planned release under the name "Jade Dynasty." A similar threat movement may reach North America in the near future as popular games from Asia (where online gaming threats are currently the most prevalent) expand into North American markets.
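A practitioner reading the above will want to know where such a hook shows up on a suspect host and how to triage it. The following is an added example, not Fortinet's code and not derived from the sample; it assumes the hook is registered the usual way, as a CLSID value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks whose InProcServer32 key names the DLL, and it works offline from a .reg export of those keys so it can be run against a disk image as well as a live box. It flags any hook DLL that does not live in System32, and any hook CLSID with no registered server at all. The CLSIDs and DLL paths in the embedded sample export are constructed placeholders.

```python
r"""Triage Explorer shell execution hooks from a .reg export.

Added example, not code from the report. Assumption: a shell execution hook is a
COM object registered by CLSID under
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, and
explorer.exe loads the DLL named by that CLSID's InProcServer32 default value.
Export both key trees on the suspect host with reg.exe, open the files with the
encoding reg.exe wrote them in, and pass the concatenated text to parse_reg().
"""
import re

HOOKS_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks"
TRUSTED_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
ENV = {"%systemroot%": r"C:\Windows"}  # assumption: default install path


def _logical_lines(text):
    """Join .reg continuation lines (a trailing backslash) into one logical line."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1].strip()
            continue
        yield buf + line
        buf = ""
    if buf:
        yield buf


def _decode_value(val):
    """REG_SZ ("...") and REG_EXPAND_SZ (hex(2): UTF-16LE) to str; other types untouched."""
    if len(val) >= 2 and val.startswith('"') and val.endswith('"'):
        return val[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    if val.lower().startswith("hex(2):"):
        raw = bytes(int(b, 16) for b in val[7:].split(",") if b)
        return raw.decode("utf-16-le").rstrip("\x00")
    return val


def parse_reg(text):
    """Parse a .reg export into {key path (lowercased): {value name: value}}."""
    keys, current = {}, None
    for line in _logical_lines(text):
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            keys.setdefault(current, {})
            continue
        m = re.match(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if m and current is not None:
            name = "" if m.group(1) == "@" else m.group(1)[1:-1]
            keys[current][name] = _decode_value(m.group(2))
    return keys


def _expand(path):
    """Expand the few environment variables we know about (case-insensitive)."""
    for var, val in ENV.items():
        path = re.sub(re.escape(var), lambda _m, v=val: v, path, flags=re.IGNORECASE)
    return path


def shell_execute_hooks(keys):
    """One record per registered hook CLSID: the DLL it loads and whether it looks suspect."""
    out = []
    for clsid in keys.get(HOOKS_KEY, {}):
        server = keys.get("hkey_classes_root\\clsid\\" + clsid.lower() + "\\inprocserver32", {})
        dll = _expand(server[""]) if "" in server else None
        # The hooks Windows ships live in System32. A hook DLL anywhere else, or a
        # CLSID with no InProcServer32 at all, is what a dropper of this kind leaves behind.
        suspect = dll is None or not dll.lower().startswith(TRUSTED_DIRS)
        out.append({"clsid": clsid, "dll": dll, "suspect": suspect})
    return out


# Constructed sample export (placeholder CLSIDs and paths, not real ones): one hook
# in System32 stored as REG_EXPAND_SZ, one pointing at a DLL dropped under Temp.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{A0000000-0000-0000-0000-000000000001}"=""
"{B0000000-0000-0000-0000-000000000002}"=""

[HKEY_CLASSES_ROOT\CLSID\{A0000000-0000-0000-0000-000000000001}\InProcServer32]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,\
  5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,65,00,\
  6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{B0000000-0000-0000-0000-000000000002}\InProcServer32]
@="C:\\Windows\\Temp\\shhook.dll"
"ThreadingModel"="Apartment"
"""

if __name__ == "__main__":
    for h in shell_execute_hooks(parse_reg(SAMPLE_REG)):
        print("SUSPECT" if h["suspect"] else "ok     ", h["clsid"], h["dll"])
```

The "outside System32" rule is deliberately coarse: a hook that is in System32 can still be malicious, so the list is a triage order, not a verdict. Follow up on each flagged DLL with a hash lookup and a signature check.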

Among all of the online gaming activity, the Virut family very much remains a major player and a real threat. Virut is a parasitic file infector with botnet capabilities, and it has also been seen carried and spread by other worms. Not only did W32/Virut.A continue the strong activity we have witnessed over the past year, a new and improved variant, W32/Virut.E, also shot up into tenth position in our Top Ten this period. W32/Virut.E behaves much like the 'A' variant but has been refactored to be more efficient and robust. Watch out for this one: Virut, with its hybrid capabilities, can come in many shapes and through many vectors.

Threats have been on the rise across all areas. New vulnerability coverage shows exploits and vulnerabilities at their highest levels yet this year, with over forty percent of new vulnerabilities actively exploited this period (Figure 1b). Spam rates continued to climb from April, while the affected regions remained the same. China maintained its lead in malware activity over the USA (Figure 3a) for the second consecutive period, helped by online gaming threats. Overall, malware volume increased 66% from last report while distinct variants stayed virtually flat at +1% (Figures 3b/3c). For period-over-period web threat growth, pornography declined 31% from last report while both the malware and spyware categories rose (+19% and +7% respectively). Intrusion detection systems show MS.DCERPC.NETAPI32.Buffer.Overflow in first place for exploit activity this period, as the well-known vulnerability it covers (MS08-067) continues to be targeted by "copy-cat" worms such as W32/Neeris.A. MS08-067 is a buffer overflow in Microsoft's Server service that is reachable over RPC without authentication, which is what makes it wormable; any host still missing the patch remains exposed.

Figure 5a shows the notorious Canadian Pharmacy gang advertising Tamiflu in the wake of the flu season and H1N1. Using geolocation, this gang targets regions with localized spam: a lot of German spam was observed this period, and we have previously shown similar spam in Russian. They also try to hook end users through many vectors, such as social-engineering sites. Figure 5b shows a spam mail carrying a document attachment that is actually a lottery / advance-fee scam. Be especially wary of document attachments, as cybercriminals often use documents to exploit vulnerabilities: while this one is a benign letter (that leads to a scam), opening a document that does not appear to be executable can compromise a machine instantly. Finally, Figure 5c shows a recent phish posing as Bank of America. Note the social-engineering tactic, with a scare element threatening to suspend the user's account. Above all, observe the fake link, highlighted at the bottom in red, whose real destination is the phishing site: always think before you link. With the increase in all of these threats, this is yet another reminder to prioritize security and employ a layered security solution to protect your networks and sensitive data. Consolidated network security and effective threat management are a strong combination for this.
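The "fake link" point in Figure 5c can be checked mechanically at the mail gateway: compare the host the reader sees in the link text with the host the href actually goes to, and flag links to raw IP addresses or URLs carrying a user@ prefix. The following is an added example and not part of the report or Fortinet's products; the e-mail body is a constructed imitation of the lure described (a documentation-range IP stands in for the phishing host), and the registrable-domain comparison is a naive last-two-labels rule rather than the Public Suffix List.

```python
"""Flag anchor text / href mismatches in an HTML e-mail body.

Added example, not part of the report. Phishing lures show a trusted-looking URL
as the link text while the href points elsewhere, so we compare the host the
reader sees with the host the browser would actually visit. The registrable-domain
rule here (last two labels) is a simplification; use the Public Suffix List in
production or co.uk-style domains will compare wrongly.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit
import ipaddress
import re

URL_LIKE = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)


def _host(url):
    """Lower-cased host of a URL or bare domain; '' if there is none."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower()


def _registrable(host):
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


class _Anchors(HTMLParser):
    """Collect (visible text, href) for every <a> in the document."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def suspicious_links(html):
    """Return [(text, href, [reasons])] for links a reader should not trust at face value."""
    parser = _Anchors()
    parser.feed(html)
    findings = []
    for text, href in parser.links:
        if not href:
            continue
        target = _host(href)
        reasons = []
        if "@" in urlsplit(href).netloc:          # user@host trick hides the real host
            reasons.append("userinfo in URL")
        if _is_ip(target):                       # brands do not link to raw IPs
            reasons.append("raw IP host")
        if URL_LIKE.match(text) and _registrable(_host(text)) != _registrable(target):
            reasons.append("shows %s but goes to %s" % (_host(text), target))
        if reasons:
            findings.append((text, href, reasons))
    return findings


# Constructed imitation of the lure described above: account-suspension scare,
# a visible bank URL whose href really goes to a documentation-range IP, and one
# honest link for contrast.
SAMPLE_MAIL = """<html><body>
<p>Dear Customer, your account will be suspended unless you verify it within 24 hours.</p>
<p>Go to <a href="http://203.0.113.10/boa/verify.php">https://www.bankofamerica.com/</a> to restore access.</p>
<p>Questions? See <a href="https://www.bankofamerica.com/help">our help pages</a>.</p>
</body></html>"""

if __name__ == "__main__":
    for text, href, reasons in suspicious_links(SAMPLE_MAIL):
        print(text, "->", href, ";", "; ".join(reasons))
```

The check only covers links whose visible text looks like a URL; a link whose text reads "Sign in" and goes to an attacker-controlled host passes it, which is why the raw-IP and userinfo rules are there and why a reputation lookup on the target host belongs alongside this in a real gateway.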


Customers who use Fortinet’s FortiGuard Subscription Services should already be protected against the threats outlined in this report. Threat activity is compiled by Fortinet's FortiGuard Global Security Research Team using data gathered from its intelligence systems and FortiGate™ multi-threat security appliances in production worldwide. FortiGuard Subscription Services offer comprehensive security solutions including antivirus, intrusion prevention, Web content filtering and antispam capabilities. These services enable protection against threats on both application and network layers. FortiGuard Services are continuously updated by the FortiGuard Global Security Research Team, which enables Fortinet to deliver a combination of multi-layered security intelligence and true zero-day protection from new and emerging threats. These updates are delivered to all FortiGate, FortiMail and FortiClient products.
