Highest Levels of Malicious Code Ever Detected
MIDDLE EAST, Feb. 2, 2010 – Fortinet® (NASDAQ: FTNT) – a leading network security provider and worldwide leader of unified threat management (UTM) solutions – today announced that its January 2010 Threatscape report showed a busy start to the new year, with continued dominance of botnet malware activity led by new variants of the ever-popular Bredolab downloader, which represented more than 40 percent of total malware activity for the month of January. In addition, there was a twofold increase in distinct malware from the last period, marking the highest number of malicious code instances ever detected.
In-the-wild exploits also created a stir this period, with exploits for high-profile vulnerabilities in Adobe PDF and Microsoft Internet Explorer reaching peak activity levels. And, not to be left out, Bredolab received some competition this period from Buzus, a bot that functions similarly to Bredolab but seeds through its own mass-mailing SMTP engine. Key threat activities for the month of January include:
• Aurora: Not the Sleeping Beauty – Active and Ugly: The highly publicized attacks on over 30 corporations, including Google, may share the same name as Sleeping Beauty; however, it’s anything but calm and beautiful. Code-named “Aurora” (actual identifier: CVE-2010-0249), the zero-day Internet Explorer vulnerability came out in mid-January and quickly sky-rocketed to fourth spot for malicious network activity this period, making it one of the top six ‘critical’ flaws identified. Aurora’s exploits, combined with botnet propagation and communications activities, made up the majority of top network attacks in January.
“There was certainly no shortage of threat activity this month, proving that 2010 will likely be another action-packed year. The amount of malicious code in the wild is increasing due to available source and packing/obfuscation techniques, while in-the-wild exploits and emerging zero-day attacks targeting very popular software, like Microsoft IE and Adobe PDF, create a vulnerable environment for users – at every point of connectivity,” said Derek Manky, project manager, cyber security and threat research, Fortinet. “As the monetary gains of these threats continue to prove value to the criminals creating them, we’ll only continue to see new and creative attacks take form. As an example, this month we disclosed a new web mailing engine breaking in the wild that can spew spam more effectively through popular services such as Gmail. It is yet another reminder to keep patches up-to-date and employ a layered security approach that protects users from every direction.”
FortiGuard Labs compiled threat statistics and trends for January based on data collected from FortiGate® network security appliances and intelligence systems in production worldwide. Customers who use Fortinet’s FortiGuard Subscription Services should already be protected against the threats outlined in this report.
To read the full January Threatscape report, which includes the top threat rankings in each category, please visit: http://www.fortiguard.com/report/roundup_january_2010.html. For ongoing threat research, bookmark the FortiGuard Center (http://www.fortiguardcenter.com/) or add it to your RSS feed by going to http://www.fortinet.com/FortiGuardCenter/rss/index.html. Additional discussion on security technologies and threat analysis can be found at the FortiGuard Blog at http://blog.fortinet.com. To learn more about FortiGuard Subscription Services, visit http://www.fortinet.com/products/fortiguard.html.
FortiGuard Subscription Services offer broad security solutions including antivirus, intrusion prevention, Web content filtering and anti-spam capabilities. These services help enable protection against threats on both application and network layers. FortiGuard Services are updated by FortiGuard Labs, which enables Fortinet to deliver a combination of multi-layered security intelligence and zero-day protection from new and emerging threats. For customers with a subscription to FortiGuard, these updates are delivered to all FortiGate, FortiMail™ and FortiClient™ products.