SCCyberworld

Friday, May 2, 2008

A Lot of Playing Going On in Fortinet’s Most-Reported Threats for April 2008

Asian Countries the Target of Online Gaming Ploys

MALAYSIA – 2 May 2008 – Fortinet - the pioneer and leading provider of unified threat management (UTM) solutions - today announced that the top 10 most reported high-risk threats for April 2008 were driven by a campaign launched on April Fools Day and two online gaming Trojans that primarily targeted a number of Asian countries: China/Hong Kong, India, Japan, Korea and Taiwan. With their eyes on Asia, Trojans OnLineGamesEncPK.fam!tr.pws and OnLineGames.SIN jumped 15 and 31 spots, respectively, to land in the sixth and seventh positions on Fortinet’s Top 10 list for April. Additionally, the Cutwail variant Mutant.CV made an impressive debut at the No. 2 position and was first observed on April Fools Day as a screen-saver attachment in mass mail.

Fortinet’s FortiGuard Global Security Research Team compiled this report based on intelligence gathered from FortiGate multi-threat security systems in production worldwide.

Additional malware trends observed during this period include the following:
· OnLineGamesEncPK.fam!tr.pws directed 80 percent of its attacks at Taiwan. The remaining 20 percent was spread among Japan (7.1), the U.S. (1.9), India (1.7), Mexico (1.1) and others.
· OnLineGames.SIN also focused 80 percent of its efforts on one Asian country, choosing China to receive the brunt of its attack. Japan (7.6), Hong Kong (4.6), Taiwan (2.3), Korea (1.0) and others made up the remainder.
· In addition to the heavy attack on one country, emails seeded with the two online gaming Trojans also leveraged the traditional Chinese language as a localization tactic.
· Mutant.CV began its campaign on April Fools Day with concentrated spikes of activity, while the gaming Trojans showed consistent daily volume throughout the month.

“With Asia accounting for more than 50 percent of all online gaming revenue worldwide according to recent reports, it’s no surprise that the cyber criminal activity we witnessed this past month were localized attacks to this region,” said Derek Manky, security researcher for Fortinet. “Due to the prosperous nature of the thriving online gaming community, it’s highly likely we will continue to see these types of attacks in the future.”

Following are the Top Ten individual threats and Top Five threat families in April. Top 100 shifts indicate positional changes compared to March’s Top 100 ranking, with “new” representing the malware’s debut in the Top 100.

Top Ten Individual Threats
1 W32/Netsky!similar
2 W32/Mutant.CV!tr.dldr
3 HTML/Iframe_CID!exploit
4 W32/Pushdo.EV!tr.dldr
5 W32/Virut.A
6 W32/OnLineGamesEncPK.fam!tr.pws
7 W32/OnLineGames.SIN!tr.pws
8 W32/MyTob.BH.fam@mm
9 W32/Small.FQS!tr.dldr
10 W32/MyTob.FR@mm

Top Five Families
1 Netsky
2 MyTob
3 Cutwail
4 Virut
5 Pushdo


To read the full April report, please visit: http://www.fortiguardcenter.com/reports/roundup_apr_2008.html. For ongoing threat research, bookmark the FortiGuard Center (http://www.fortiguardcenter.com/) or add it to your RSS feed by going to http://www.fortinet.com/FortiGuardCenter/rss/index.html. To learn more about FortiGuard Subscription Services, visit http://www.fortinet.com/products/fortiguard.html.
