Fortinet Announces March '09 Threatscape Report
Posted: Mon Apr 06, 2009 02:23:00 PM
New Infector Tops the Chart and Conficker Looms Large
SUNNYVALE, Calif., Apr. 1, 2009 - Fortinet® - a market-leading network security provider and worldwide leader of unified threat management (UTM) solutions - today announced findings from its March 2009 Threatscape Report, which is characterized by a persistent virus and a notorious worm. Fortinet's FortiGuard® Global Security Research team made the following observations in March:
* On top at last: After a year-long battle, W32/Virut.A finally lands in the top spot - surpassing Netsky. This parasitic file infector proves to be quite virulent and has generated enough activity to land in our malware top 10 for twelve solid months. On top of infecting multiple local files on a PC, the virus can spread through file shares and/or removable media such as USB thumb drives. Additionally, it has a rather unique capability to propagate through other worms in a hybrid form. More information on this can be found here: http://blog.fortinet.com/virut-infecting-worms-hitching-a-ride/.
* Fickle Conficker: The notorious worm, which has made headlines across the world, continues to evolve with a new variant, Conficker.C. While it remained in fourth position in our Top 10 Exploitation list, exploit activity of MS08-067 (detected by FortiGuard IPS as "MS.DCERPC.NETAPI32.Buffer.Overflow") actually decreased since we recorded a peak of activity on February 12th, 2009. Even with slightly deflated exploit levels, the worm has established a strong global foothold and, with the development of Conficker.C, the authors intend for it to stick around for a while. Conficker.C is quite simply more robust and effective - it boasts a new domain generation algorithm, and uses an enhanced cryptographic hash function (MD6) to validate the authenticity of its own malicious code. Most notably, after April 1st, 2009 it will attempt to communicate with a larger set of rendezvous points than previous variants used. Conficker is best blocked through layered defense, such as intrusion prevention, Web content filtering, and antivirus. Fortinet will continue to monitor this threat in the labs.
"It is yet to be seen what happens with Conficker after April 1st, though it should be pointed out that this code simply becomes active on that date and will remain active afterwards," said Derek Manky, project manager, cyber security and threat research, Fortinet. "Given the amount of attention Conficker has received, it's likely the authors will attempt any sort of strike at a later date when it is less anticipated - and more Conficker.C variants have been spread. That said, always be aware and keep your protection up to date."
The FortiGuard research team compiled threat statistics and trends for March based on data collected from FortiGate® network security appliances and intelligence systems in production worldwide. Customers who use Fortinet's FortiGuard Subscription Services should already be protected against the threats outlined in this report.