Adware Uses Trickery to Catapult onto Fortinet’s Most-Reported Threats for May 2008

Bagful of Adware Tricks Snares Users with Virus Protection Offer

MALAYSIA, 3 June 2008 – Fortinet - the pioneer and leading provider of unified threat management (UTM) solutions - today announced the top 10 most reported high-risk threats for May 2008. The strongest development of the month showed adware Vapsup flooding users with advertisements for rogue virus protection software. Vapsup jumped 42 positions to land on the second spot, just .01 percent behind persistent malware leader, Netsky. From using plug-ins that hi-jack control of users’ Web browser navigation to rogue antivirus scanner pop-ups, Vapsup had a bagful of tricks and scare tactics to lure the unsuspecting user into clicking affiliate links. The incentive for all this trickery was the per-click payouts through affiliate marketing programs linking back to servers located mostly in Russia and the U.S.

“Judging by the high level of activity by Vapsup in the past month, the cyber criminals behind this adware should be getting a huge payday,” said Derek Manky, security researcher for Fortinet.

Fortinet’s FortiGuard Global Security Research Team compiled this report based on intelligence gathered from FortiGate multi-threat security systems in production worldwide. Customers who use Fortinet’s FortiGuard Subscription Services are already protected against the threats outlined in this report.

Additional malware trends observed during this period include the following:
· Online gaming Trojan activity continues in Asia, still concentrated in Taiwan and China;
· An Iframe injection campaign runs strong through Iframe.DN, pointing to Korean servers;
· Parasitic file infector, Virut.A, which made itself known in March remains in the top five for three consecutive months, showing longevity.

Following are the Top Ten individual threats and Top Five threat families in May. Top 100 shifts indicate positional changes compared to April’s Top 100 ranking, with “new” representing the malware’s debut in the Top 100.

Top Ten Individual Threats

Rank, Threat Name
1, W32/Netsky!similar
2, Adware/Vapsup
3, HTML/Iframe_CID!exploit
4, W32/Virut.A
5, W32/Pushdo.EV@mm
6, W32/OnLineGamesEncPK.fam!tr.pws
7, HTML/Iframe.DN!tr.dldr
8, W32/MyTob.BH.fam@mm
9, W32/OnLineGames.ADRE!tr.pws
10, W32/Zafi.E@mm

Top Five Families

Rank, Malware Family
1, Netsky
2, MyTob
3, Virut
4, Pushdo
5, MyDoom

To read the full May report, please visit: http://www.fortiguardcenter.com/reports/roundup_may_2008.html. For ongoing threat research, bookmark the FortiGuard Center (http://www.fortiguardcenter.com/) or add it to your RSS feed by going to http://www.fortinet.com/FortiGuardCenter/rss/index.html. To learn more about FortiGuard Subscription Services, visit http://www.fortinet.com/products/fortiguard.html.