
Friday, August 8, 2008

Malware Activity Sends Heavy Traffic to Insurance Sites in Fortinet’s Most-Reported Threats for July 2008

MALAYSIA, 7 August 2008 – Fortinet - the pioneer and leading provider of unified threat management (UTM) solutions - today announced the top 10 most reported high-risk threats for July 2008. One clear trend for the month shows a proliferation of high traffic-generating threats – Iframe.DN, Iframe.DR and Redirector.CA – as a way to drive users to specific web sites for financial gain. Interestingly, July’s three most active traffic generators shared a common destination, driving users to insurance sites.

“Strong activity this month among high traffic-generating malware means that users need to put even more thought in how to be safe on the Internet; avoiding underground and pornographic sites, for example, does not make you 100 percent malware proof today,” said Derek Manky, security researcher for Fortinet. “Online safety really comes from a combination of good practice and adapted security solutions.”

Fortinet’s FortiGuard Global Security Research Team compiled this report based on intelligence gathered from FortiGate multi-threat security systems in production worldwide. Customers who use Fortinet’s FortiGuard Subscription Services are already protected against the threats outlined in this report.

Other malware trends observed during this period include the following:
Virut.A, a virus that infects executable files, continues its impressive run with increased activity, landing in second place and keeping its six-month placement in the top five;
Pushdo, a Trojan whose purpose is to download and install malicious software, is back among the Top Ten this month after briefly dropping in activity;
Two new JavaScript variants – Iframe.DR and Redirector.CA – take hold of seventh and tenth positions, respectively;
Heavy online gaming Trojan activity continues in Taiwan and Japan through OnLineGames.fam!tr.pws; as a family, OnLineGames still tops the list.

Following are the Top Ten individual threats and Top Five threat families in July. Top 100 shifts indicate positional changes compared to June’s Top 100 ranking, with “new” representing the malware’s debut in the Top 100.

Top Ten Individual Threats

1 W32/Netsky!similar
2 W32/Virut.A
3 Pushdo!tr
4 W32/Agent.TPF!tr.dldr
5 HTML/Iframe.DN!tr.dldr
6 W32/MyTob.FR@mm
7 JS/Iframe.DR
8 W32/OnLineGames.fam!tr.pws
9 W32/Mdrop.BTV!tr
10 JS/Redirector.CA!tr

Top Five Families

1 OnlineGames
2 Netsky
3 MyTob
4 Virut
5 Pushdo


