Fortinet November Threatscape Report Shows Deceiving Downward Trend

With the exception of an increase in the number of exploits, malware and spam showed significant decline, but one that Fortinet believes to be temporary as the holiday buying season is likely to bring the cybercriminals back out from hiding.

Two key activities suggest that the online threat hiatus is only temporary: 

 The McColo take-down dropped the percentage of email tagged as spam to a low of 37 percent in mid-November;

 Three of the top five malware variants were members of the Goldun family of key-loggers, which record keystrokes most often for banking and credit card information theft; increased key-logging activities suggest a readying for online-buying over the holiday season.

"We expect both of these activities to quickly escalate as spam botnets find new avenues to proliferate themselves in the wake of McColo," said Derek Manky, project manager, cyber security and threat research, Fortinet. "And with the online shopping season now kicking off, key-logging activity is expected to follow in hot pursuit. We are already seeing a steady uptick in threat activity since closing the November report."

Following are key findings from Fortinet's November Threatscape report:

• Exploits/Intrusion - 25 of the 81 active vulnerabilities were considered high-risk categories; the top two - Trojan.Storm.Worm.Krackin.Detection and Worm.Slammer - accounted for 60 percent of the month's total vulnerabilities;

• Malware - activity declined slightly in October and November, due largely to the decrease in scareware, which still remained No. 1 on the top ten malware variant list with Goldun's key-logging activity claiming the 2nd, 3rd and 4th positions; Japan (39.68%) and the U.S. (39.58 %) were the main battle grounds for malware with China (30.37%), Taiwan (22.16%) and India (17.59%) making up the rest of the top five most highly attacked regions;

• Spam - a sharp drop in activity on November 12 resulted from the McColo take-down, but spam remains an active distribution mechanism for cyber criminals; three socially-engineered emails topped the list of spam for the month, all with malicious attachments related to top-ranked malware W32/FakeAlert.D and W32/Goldun.RV; both of these malware families were observed to be involved in the same email campaign, an indicator that different criminal organizations are utilizing the same spam vehicle;

• Web traffic - on the web, malware jumped seven points to 21 percent of categorized web threat activities, due for the most part to a near double-digit decline in pornographic traffic.

The Fortinet FortiGuard Global Security Research team compiled threat statistics and trends for November based on data collected from FortiGate network security appliances and intelligence systems in production worldwide. Customers who use Fortinet's FortiGuard Subscription Services should already be protected against the threats outlined in this report.

To read the full November Threatscape report which includes the top threat rankings in each category, please visit: http://www.fortiguardcenter.com/reports/roundup_nov_2008.html.

In its first report that was issued in October:  malware was very high, scary and targeted Japan and the U.S.A.; spam was significantly down as percentage of total email; exploits were on the rise and very aggressive; and pornography represented the highest Web threat traffic.

The Fortinet FortiGuard Global Security Research team compiled the following statistics and trends for October based on data collected from FortiGate network security appliances and intelligence systems in production worldwide:

• Exploits/Intrusion - Of the 18 active exploits, 14 were considered in the high- or critical-risk categories;

• Malware - Rogue security applications (AKA "scareware") remained the top malware category for the month, with overall volume continuing the steep climb observed from April (10 million) to September (30 million); Japan (38.6%), the U.S. (32.9%) and China (25.1%) were the top three regional recipients of malware volume this month;

• Spam - October showed a precipitous and uncharacteristic decline in the percentage of email tagged as spam, with the period October 8 thru 20 showing a 10-percent drop;

• Web traffic - Pornography topped the list of Web threat sites that were blocked, followed by malware, spyware and phishing sites.

FortiGuard Subscription Services offer broad security solutions including antivirus, intrusion prevention, Web content filtering and anti-spam capabilities. These services help enable protection against threats on both application and network layers. FortiGuard Services are updated by the FortiGuard Global Security Research Team, which enables Fortinet to deliver a combination of multi-layered security intelligence and zero-day protection from new and emerging threats. For products with a subscription to FortiGuard, these updates are delivered to all FortiGate, FortiMail and FortiClient products.