The Latest Fortinet News
Product and Solution Information, Press Releases, Announcements
|Latest Fortinet Threat Landscape Research Shows Re-Emergence of Torpig Botnet|
|Posted: Wed Apr 13, 2011 04:28:42 PM|
SUNNYVALE, Calif., April 13, 2011
SUNNYVALE, Calif., April 13, 2011- Fortinet® (NASDAQ: FTNT) - a leading network security provider and the worldwide leader of unified threat management (UTM) solutions - today announced its latest 30-day Threat Landscape research, which showed the re-emergence of the Torpig botnet, accounting for 30 percent of new botnet activity. Most command and control detections for Torpig originated from machines in Russia and Sudan. By comparison, the Hiloti botnet accounted for roughly 15 percent of new botnet traffic - the majority of which was found in Australia and Sweden.
"The rigid Torpig botnet has been around for years and typically spreads through infected Web pages installed with a rootkit (mebroot) that infects a system right from the master boot record," said Derek Manky, senior security strategist at Fortinet. "Since this compromises the chain of trust from the get-go, mebroot has the ability to bypass personal firewalls through the operating system. Gateway security can mitigate this threat by blocking mebroot related traffic."
Spam rates continue to remain lower than average at about 30 percent following the takedown of the Rustock botnet in March. While rates remain low, the number of spamming IPs (machines) has not taken a large drop. Most spamming IP addresses observed were geolocated to machines in the U.S., India and Brazil.
"Oftentimes machines are infected with multiple viruses or botnets that can continue to send spam and siphon data, despite one threat being mitigated," Manky said.