Fortinet發佈2007年9月份威脅報告

Fortinet Announces Top Reported Threats for September 2007

KUALA LUMPUR, Malaysia, 2 October 2007– Fortinet® – the pioneer and leading provider of unified threat management (UTM) solutions – today announced the top 10 most reported high-risk threats for September 2007. The report, compiled from all FortiGate™ multi-threat security systems in production worldwide, is a service of the Fortinet Global Security Research Team.

September 2007’s top 10 threats, as determined by the degree of prevalence are:

Rank Threat Name
1 Adware/CashOn
2 W32/Netsky.P@mm
3 HTML/Iframe_CID!exploit
4 W32/ANI07.A!exploit
5 HTML/Obscured!exploit
6 W32/Dialer.PZ!tr
7 W32/Grew.A!worm
8 W32/Bagle.DY@mm
9 W32/Virut.fam
10 W32/Dloader.K!tr

The September top 10 highlights the following:

CashOn reaches the top of the list this month, moving from last month's fourth place. The adware toolbar plugin has almost doubled in volume since August and is far ahead of the rest of the top 10 in terms of activity.

Obscured!exploit continues to gain momentum, though not as fast as CashOn. This malware is part of the top ten for the second consecutive month with a 10 percent increase in its level of activity compared to August.

As stated earlier, the most notable threat in September’s top 10 is CashOn, an adware toolbar plugin that first made its mark on the list last month. The adware has experienced an activity increase of almost ten-fold within the last two months, achieving a 90 percent growth rate. Similar to last month, the FortiGuard Global Security Research Team noticed distribution peaks twice a week, specifically on Mondays and Wednesdays, with 99.8 percent of all activity primarily occurring in Korea.

CashOn is adware that can be installed without the user’s permission. Once downloaded or automatically ran through exploits, it becomes part of the user's Web browser. CashOn can hijack the browser's settings by changing configurations, such as the user's homepage. As a result, each time a user loads up his/her browser, he or she will be directed to the homepage of CashOn in Korea.
CashOn resides on a Korean top-level Web site domain and acts as a gateway to various other Korean-based shopping sites. An initial visit to CashOn's portal exposes the user to neatly displayed e-commerce sites offering low priced items. When the user clicks on the displayed links to other shopping sites, they are tracked so that any purchase can be traced back to CashOn. In fact, the various website URLs all target the same Korean locale and maintain stateful information so that CashOn can collect on all referrals that passed through.

“The financial outlook of a thriving e-commerce market, polluted by an adware like CashOn, is substantial. In order to make profits from this business, there is a need for exposure, which requires an effective seeding strategy. The dominant seeding of CashOn suggests that there may have been more players behind this distribution campaign, who are being compensated for their efforts to spread this adware at haste,” said Derek Manky, Fortinet security research engineer.

“In turn, this could foreshadow the surface of another related variant or strain, raising an eyebrow to security concerns. Users need to continue to educate themselves on these types of threats to ensure that they have the necessary protection to guard against future outbreaks.”
To read the full September report, please visit http://www.fortiguardcenter.com/reports/roundup_sep_2007.html. For ongoing threat research, bookmark the FortiGuard Center (http://www.fortiguardcenter.com/) or add it to your RSS feed by going to http://www.fortinet.com/FortiGuardCenter/rss/index.html. To learn more about FortiGuard Subscription Services, visit http://www.fortinet.com/products/fortiguard.html.