Fortinet Announces Top Reported Threats for March 2007

Fortinet – the pioneer and leading provider of unified threat management (UTM) solutions – today announced the top 10 most reported high-risk threats for March 2007. The report, compiled from all FortiGate multi-threat security systems in production worldwide, is a service of the Fortinet Global Threat Research Team.

March 2007’s top 10 threats, as determined by the degree of prevalence are: 
Rank - Threat Name - Threat Type - % of Detections
1 W32/Netsky.P@mm Mass mailer 4.62
2 W32/Bagle.DY@mm Mass mailer 4.44
3 HTML/Iframe_CID!exploit Exploit 3.93
4 W32/Grew.A!worm Worm 2.87
5 W32/Bagle.GT@mm Mass mailer 2.47
6 HTML/BankFraud.BGU!phish Phish 2.23
7 W32/Sality.Q Virus 1.93
8 W32/Istbar.PK!tr.dldr Downloader 1.63
9 W32/Everda!tr Rootkit 1.56
10 Adware/Solutions180 Adware 1.31

The March top 10 list shows a wide-spread phishing attempt against a new financial institution, the return of 180Solutions Adware, and, an unusual entry into the top 10, the Everda rootkit. This rootkit is used to hide file and registry information by patching the kernel service descriptor table. As with any emerging rootkit technology, Everda can cause issues with host-based antivirus or antispyware software, since rootkits are harder to detect once installed.
Most notable this month, the Fortinet Global Security Research Team discovered a new instance of a MySpace “phisher worm,” originally reported in November 2006. The original phisher worm was spread largely by social networking, through individuals unwittingly promoting rogue MySpace login pages by way of bulletins (messages to all of their friends). The rogue site would then steal the user's login credentials, and a server-side program on the rogue server would then distribute the initial message to the friends of the freshly phished user.

The latest variant was likely seeded using an available database of stolen profiles that the hackers either bought or gathered via a previous phishing operation. The seemingly safe MySpace.com profiles have been covered with a transparent clickable image that directs visitors to a phishing page. When these visitors enter their credentials into the rogue site, the program sitting on the rogue server injects the malicious code into the users’ profiles, now giving their profiles the transparent clickable image, thereby furthering the propagation of the phisher worm.

“MySpace.com allows its users to embed HTML in various parts of their profile pages, which is a popular Web 2.0 feature, but also a breeding ground for threats such as the phisher worm,” said Guillaume Lovet, threat research team manager. “Although the specific MySpace.com phisher worms pose immediate danger only to the site’s users, it is a reminder of the threats that exist within popular Web 2.0 communities, as well as the threats that exist to steal financial, business and medical, as well as personal information.”

To read the full March report, please visit http://www.fortiguardcenter.com/reports/roundup_mar_2007.html. For ongoing threat research, bookmark the FortiGuard Center (http://www.fortiguardcenter.com/) or add it to your RSS feed by going to http://www.fortinet.com/FortiGuardCenter/rss/index.html. To learn more about FortiGuard Subscription Services, visit http://www.fortinet.com/products/fortiguard.html.

About Fortinet (www.fortinet.com)
Fortinet is the pioneer and leading provider of ASIC-accelerated multi-threat security systems, which are used by enterprises and service providers to increase their security while reducing total operating costs. Fortinet solutions were built from the ground up to integrate multiple levels of security protection--including firewall, antivirus, intrusion prevention, VPN, spyware prevention and antispam--providing customers a way to protect multiple threats as well as blended threats. Leveraging a custom ASIC and unified interface, Fortinet solutions offer advanced security functionality that scales from remote office to chassis-based solutions with integrated management and reporting. Fortinet solutions have won multiple awards around the world and are the only security products that are certified eight times over by ICSA Labs (firewall, antivirus, IPSec, SSL, IPS, client antivirus detection, cleaning and antispyware). Fortinet is privately held and based in Sunnyvale, California.