MIDDLE EAST, Aug. 4, 2009 – Fortinet® – a market-leading network security provider and worldwide leader of unified threat management (UTM) solutions – today announced that its July 2009 Threatscape Report showed aggressive eCard spam activity throughout the reporting period.
The FortiGuard® Global Security Research Team reported this threat trend alongside others, including two exploits in the wild, growing mobile threats and a first-place showing for the ever-present online gaming malware variant.
- Canadian Pharmacy assaults Google Groups, Tinypic: Fortinet saw a flood of eCard spam continuing from last month and using various techniques, with a majority of them leading victims to Canadian Pharmacy domains. Canadian Pharmacy’s success, fueled by an affiliate sponsorship model, invites cyber criminals to advertise the fraudulent pharmaceuticals and drive traffic to their domains. In this period, eCard spam primarily used direct links, Google© Groups and the photo sharing service Tinypic© as their distribution vehicles. While traditional spam continues to thrive through email, Fortinet has predicted and reported on many spam attacks that are occurring through new Web 2.0 platforms such as social networking sites. To help evade detection, cyber criminals have, in the past, used services such as Tinyurl to obfuscate their malicious URLs. Tinypic is a similar and recent example of how legitimate service providers are used to piggyback malicious resources.
- Two in-the-wild exploits make waves: The first of the two exploits is the highly discussed MS ActiveX Video control vulnerability, patched on July 14th by Microsoft MS09-032. Exploit activity for this vulnerability was frequent throughout the month, but remained relatively low with most prevalent activity detected in Korea, China and Japan. As of this writing, the second vulnerability, MS Office Web Components, remains unpatched/zero-day, also with relatively low detection rates with leading activity in China, India and Japan. Exploits against zero-day tend to be more successful since patches are not readily available. FortiGuard IPS is capable of detecting and blocking malicious activity against both of these attacks. The FortiGuard Global Security Research team first spotted public exploit code for this second vulnerability on July 11th.
- Mobile threat development continues: In July, Fortinet saw the emergence of SymbOS/Yxes.E and SymbOS/Yxes.F, the latest updated variants of Yxes that Fortinet first reported in February. In particular, Yxes served up dynamic content to show the beginning steps of how cyber criminals are addressing a market that is fragmented due to multiple platforms. This is important because malicious binaries are often written for a single target (i.e., Windows, OS/X). On traditional desktops, these targets are limited; however, in the mobile market, the number of platforms are growing and diversifying and offers many more possible targets.
- Virut posts record levels; online gaming trojans flood cyberspace: W32/OnlineGames.BBR maintained and built heavily from its first place position last report — accounting for 43 percent of total detected malware activity. This latest attack saw much of its volume from July 5th onward, with a peak of activity on July 8th. Aside from this, the regular faces of W32/Virut.A and JS/PackRedir built on their activity from the last report. In fact, Fortinet’s detected activity for W32/Virut.A this period climbed to record levels, underscoring the fact that this behemoth has become a dominant threat –particularly in Asia.
“With users flocking to popular Web 2.0 tools, including social networking sites, cyber criminals are following the masses and using these emerging platforms as new threat-delivery mechanisms with success,” said Derek Manky, project manager, cyber security and threat research, Fortinet. “This is an especially effective strategy as users can view social media tools to be a trusted network. But, regardless of the image or what the link appears to be, users should always observe where any hyperlink will actually take you and exercise due care.”
The FortiGuard research team compiled threat statistics and trends for July based on data collected from FortiGate® network security appliances and intelligence systems in production worldwide. Customers who use updated Fortinet’s FortiGuard Subscription Services should be protected against the threats outlined in this report.
To read the full July Threatscape report which includes the top threat rankings in each category, please visit: http://www.fortiguardcenter.com/report/roundup_july_2009.html. For ongoing threat research, bookmark the FortiGuard Center (http://www.fortiguardcenter.com/) or add it to your RSS feed by going to http://www.fortinet.com/FortiGuardCenter/rss/index.html. Additional discussion on security technologies and threat analysis can be found at the FortiGuard Blog at http://blog.fortinet.com. To learn more about FortiGuard Subscription Services, visit http://www.fortinet.com/products/fortiguard.html.
FortiGuard Subscription Services offer broad security solutions including antivirus, intrusion prevention, Web content filtering and anti-spam capabilities. These services help enable protection against threats on both application and network layers. FortiGuard Services are updated by the FortiGuard Global Security Research Team, which enables Fortinet to deliver a combination of multi-layered security intelligence and zero-day protection from new and emerging threats. For customers with a subscription to FortiGuard, these updates are delivered to all FortiGate, FortiMail™ and FortiClient™ products.