Fortinet November Threatscape Report Shows Deceiving Downward Trend

Higher Activities Expected to Resume as Holiday Buying Season Kicks In

MALAYSIA, 9 December 2008 – Fortinet - the pioneer and leading provider of unified threat management (UTM) solutions - today announced its November Threatscape report showed a downward trend in online threat activity following the 2008 apex in September. With the exception of an increase in the number of exploits, malware and spam showed significant decline, but one that Fortinet believes to be temporary as the holiday buying season is likely to bring the cybercriminals back out from hiding.

Two key activities suggest that the online threat hiatus is only temporary:
§ The McColo take-down dropped the percentage of email tagged as spam to a low of 37 percent in mid-November;
§ Three of the top five malware variants were members of the Goldun family of key-loggers, which record keystrokes most often for banking and credit card information theft; increased key-logging activities suggest a readying for online-buying over the holiday season.

“We expect both of these activities to quickly escalate as spam botnets find new avenues to proliferate themselves in the wake of McColo,” said Derek Manky, project manager, cyber security and threat research, Fortinet. “And with the online shopping season now kicking off, key-logging activity is expected to follow in hot pursuit. We are already seeing a steady uptick in threat activity since closing the November report.”

Following are key findings from Fortinet’s November Threatscape report:
§ Exploits/Intrusion – 25 of the 81 active vulnerabilities were considered high-risk categories; the top two – Trojan.Storm.Worm.Krackin.Detection and Worm.Slammer – accounted for 60 percent of the month’s total vulnerabilities;
§ Malware – activity declined slightly in October and November, due largely to the decrease in scareware, which still remained No. 1 on the top ten malware variant list with Goldun’s key-logging activity claiming the 2nd, 3rd and 4th positions; Japan (39.68%) and the U.S. (39.58 %) were the main battle grounds for malware with China (30.37%), Taiwan (22.16%) and India (17.59%) making up the rest of the top five most highly attacked regions;
§ Spam – a sharp drop in activity on November 12 resulted from the McColo take-down, but spam remains an active distribution mechanism for cyber criminals; three socially-engineered emails topped the list of spam for the month, all with malicious attachments related to top-ranked malware W32/FakeAlert.D and W32/Goldun.RV; both of these malware families were observed to be involved in the same email campaign, an indicator that different criminal organizations are utilizing the same spam vehicle;
§ Web traffic – on the web, malware jumped seven points to 21 percent of categorized web threat activities, due for the most part to a near double-digit decline in pornographic traffic.

The Fortinet FortiGuard Global Security Research team compiled threat statistics and trends for November based on data collected from FortiGate network security appliances and intelligence systems in production worldwide. Customers who use Fortinet’s FortiGuard Subscription Services should already be protected against the threats outlined in this report.

To read the full November Threatscape report which includes the top threat rankings in each category, please visit: http://www.fortiguardcenter.com/reports/roundup_nov_2008.html. For ongoing threat research, bookmark the FortiGuard Center (http://www.fortiguardcenter.com/) or add it to your RSS feed by going to http://www.fortinet.com/FortiGuardCenter/rss/index.html. To learn more about FortiGuard Subscription Services, visit http://www.fortinet.com/products/fortiguard.html.