Rogue Security Apps Strike Again on Fortinet’s Most-Reported Threats for September 2008

Represents More Than 60 Percent of Month’s Malware Activity

MALAYSIA, 6 October 2008 – Fortinet - the pioneer and leading provider of unified threat management (UTM) solutions - today announced the top 10 most reported high-risk threats for September 2008. For the second consecutive month, rogue security applications have dominated cyberspace – this time with a vengeance – making up 61.5 percent of total activity for September. Most notable is a six-day period between September 9 and 15, when W32/Inject.GZW!tr.bdr – the most prolific variant of the rogue security Trojans – launched an all-out campaign with volumes not before observed by Fortinet researchers. Only the Storm botnet attacks in January/February 2007 came even close to the volume generated by W32/Inject.GZW!tr.bdr this past month.

Not surprisingly, with rogue security malware claiming the top four positions in this month’s Top 10 list, it also propelled the RogueSecurity family into the No. 1 position among malware family activities for the entire month. As they were in last month’s report, AntiVirus XP 2008 (55.5%) and XP Security Center (6%) were the two main applications that fronted the security scams in September.

“When we see unprecedented volume, as in the case of these rogue security applications, it usually indicates that the attacks are working and cybercriminals are trying to act fast to take full advantage of the situation. It also shows the depth of resources available to this criminal organization,” said Derek Manky, security researcher for Fortinet. “In order to not fall into these traps, consumers should ensure that the source of their security application purchases are legitimate. Consumers should look out for unsolicited system messages which typically claim to find hundreds of infections, followed by purchase requests to cleanse.”

Fortinet’s FortiGuard Global Security Research Team compiled this report based on intelligence gathered from FortiGate multi-threat security systems in production worldwide. Customers who use Fortinet’s FortiGuard Subscription Services are already protected against the threats outlined in this report.

Other malware trends observed during this period include the following:
Virut.A, a virus that infects executable files, remains strong, coming in seventh spot and bumped out of the top five for the fist time in seven months;
Goldun.AXT, a new Trojan keylogger, generated heavy volume to claim the sixth position;
Crypt.MV, part of the Pushdo family, clinches the final tenth spot.

Following are the Top Ten individual threats and Top Five threat families in September. Top 100 shifts indicate positional changes compared to August’s Top 100 ranking, with “new” representing the malware’s debut in the Top 100.

To read the full September report, please visit: http://www.fortiguardcenter.com/reports/roundup_sep_2008.html. For ongoing threat research, bookmark the FortiGuard Center (http://www.fortiguardcenter.com/) or add it to your RSS feed by going to http://www.fortinet.com/FortiGuardCenter/rss/index.html. To learn more about FortiGuard Subscription Services, visit http://www.fortinet.com/products/fortiguard.html.