Fortinet Announces Top Reported Threats for June 2007

Fortinet® - a pioneer and leading provider of unified threat management (UTM) solutions - today announced the top 10 most reported high-risk threats for June 2007. The report, compiled from all FortiGate™ multi-threat security systems in production worldwide, is a service of the Fortinet Global Security Research Team.

June 2007's top 10 threats, as determined by the degree of prevalence are:

 

Rank	Threat Name	Threat Type	% of Detections
1	W32/Dialer.PZ!tr	Trojan	13.43
2	W32/Bagle.DY@mm	Mass mailer	10.05
3	W32/Netsky.P@mm	Mass mailer	7.11
4	HTML/Iframe_CID!exploit	Exploit	5.90
5	W32/ANI07.A!exploit	Exploit	3.52
6	W32/Grew.A!worm	Worm	3.50
7	W32/Bagle.GT@mm	Mass mailer	2.43
8	W32/Sober.AA@mm	Mass mailer	1.98
9	W32/Stration.JQ@mm	Mass mailer	1.89
10	W32/Sality.Q	Virus	1.75

The June top 10 highlights the following:

• The Top 10 remains fairly consistent, with Grew.A, Bagle.GT, Sober.AA, Stration.JQ and ANI07.A keeping similar relative positions.
• New to the top ten is Sality.Q coming in at the bottom to fill the void left by the departure of the BankFraud.E phishing attack from the Top 10.
• ANI07.A, a mainly web-based exploit, is more notable this month since the vulnerability has been patched yet continues to maintain last month's pace.

The most notable threat in the June top 10 is Dialer.PZ, as the bot-embedded dialer once again takes the reigns, besting W32/Bagle.DY@mm and Netsky.P@mm. Last month the Fortinet Global Security Research Team reported on the life cycle of W32/Dialer.PZ!tr, which spanned from dynamic design, assembly line manufacturing and intelligent statistic reporting to geographic deployment strategy and payload. W32/Dialer.PZ!tr kicked off June exactly where it left off last month, streaming primarily across Mexico and the USA at a torrential pace thanks to the continued aggressive distribution campaign. The threat has been spotted in many other regions across the globe as well.

"These seasoned malware creators seem to have been inspired by the prospects of an infectious summer, and as a result have been busy packing," said Derek Manky, Fortinet security research engineer. "Rest assured, however, these attackers are not packing their bags to leave for a summer vacation -- they have merely wrapped up their malicious creation in a package which they hope will not be inspected by the cyber sentries while trying to cross over virtual borders."

Manky also reports that the malware creators had changed a component in their creation process by packing W32/Dialer.PZ!tr with a new variation of the popular run-time packer UPX. The first recorded sample stamped by the malware creators using this new packer was created on June 21, 2007.

To read the full June report, please visit: http://www.fortiguardcenter.com/reports/roundup_jun_2007.html For ongoing threat research, bookmark the FortiGuard Center (http://www.fortiguardcenter.com/) or add it to your RSS feed by going to http://www.fortinet.com/FortiGuardCenter/rss/index.html To learn more about FortiGuard Subscription Services, visit: http://www.fortinet.com/products/fortiguard.html

About Fortinet (www.fortinet.com)
Fortinet is the pioneer and market-leading provider of ASIC-accelerated unified threat management systems, which are used by enterprises and service providers to increase their security while reducing total operating costs. Fortinet solutions were built from the ground up to integrate multiple levels of security protection--including firewall, antivirus, intrusion prevention, Web content filtering, VPN, spyware prevention and antispam--providing customers a way to protect multiple threats as well as blended threats. Leveraging a custom ASIC and unified interface, Fortinet solutions offer advanced security functionality that scales from remote office to chassis-based solutions with integrated management and reporting. Fortinet solutions have won multiple awards around the world and are the only security products that are certified eight times over by the ICSA (firewall, antivirus, IPSec, SSL, IDS, client antivirus detection, cleaning and antispyware). Fortinet is privately held and based in Sunnyvale, California.