Gaming Trojan Is Top Dog in Fortinet May ’09 Threatscape Report

MALAYSIA, 29 May 2009 - Fortinet - a market-leading network security provider and worldwide leader of unified threat management (UTM) solutions - today announced its May 2009 Threatscape Report showed a dominance by the online gaming Trojan, W32/Dropper.PTD, which made up more than one-third of all detected malware activity of the past month. Threat activity was higher overall, with malware up 66 percent from the April Threatscape Report, vulnerabilities and active exploits at their highest this year and spam rates higher than recorded last month. Key highlights of the May Threatscape Report follows:

· Gaming Trojan Dominates: W32/Dropper.PTD, the most aggressive of the online gaming Trojans, claimed 34.5 percent of malware activity for the month, representing the strongest surge by a single malware variant since September 2008.
· Targeting China: For the second consecutive month, China (44.86%) led the pack with the highest percentage of malware activity worldwide due largely to online gaming. This came by courtesy of gaming Trojan W32/Dropper.PTD, which pursued Thailand as its second favorite target. The U.S. (37.81%) again came in second place, with Japan (33.52%), India (16.19%) and Taiwan (15.26%) making up the rest of the most-targeted regions around the globe.
· New Highs for Vulnerabilities and Active Exploits: highest reported rates so far this year. Out of 140 newly covered vulnerabilities this period, 46.4 percent were reported to be actively exploited, well up from last report (31.3%). The most active exploit overall this period was the notorious MS08-067 vulnerability, first made infamous through Conficker. This exploit (MS.DCERPC.NETAPI32.Buffer.Overflow) targets a vulnerability in Microsoft’s Server service.
· Spam Targets Swine Flu Fear: Spam levels were at their highest at the beginning of May, but there has been an increase overall from the last report. The Canadian Pharmacy gang has been aggressive and currently pushing TamiFlu as one of their main “products,” hoping to draw potential victims to their wares to take advantage of the recent swine flu scare.

“Criminals – both online and offline – target easy money, and for the cyber underworld, what continues to pay off is online gaming,” said Derek Manky, project manager, cyber security and threat research, Fortinet. “While online gaming threats seem to be most prevalent in Asian countries for the time being, we believe a similar movement will hit North America in the near future as cybercriminals uncover new ground. They have already begun to expand their horizons.”

The FortiGuard research team compiled threat statistics and trends for May based on data collected from FortiGate network security appliances and intelligence systems in production worldwide. Customers who use Fortinet’s FortiGuard Subscription Services should already be protected against the threats outlined in this report.

To read the full May Threatscape report which includes the top threat rankings in each category, please visit: http://www.fortiguardcenter.com/reports/roundup_may_2009.html. For ongoing threat research, bookmark the FortiGuard Center (http://www.fortiguardcenter.com/) or add it to your RSS feed by going to http://www.fortinet.com/FortiGuardCenter/rss/index.html. Additional discussion on security technologies and threat analysis can be found at the FortiGuard Blog at http://blog.fortinet.com. To learn more about FortiGuard Subscription Services, visit http://www.fortinet.com/products/fortiguard.html.