Bangkok--10 Apr--Spark Communications
Fortinet - a market-leading network security provider and worldwide leader of unified threat management (UTM) solutions - today announced findings from its March 2009 Threatscape Report, which is characterized by a persistent virus and a notorious worm. Fortinet’s FortiGuard Global Security Research team made the following observations in March:
On top at last: After a year long battle, W32/Virut.A finally lands in the top spot - surpassing Netsky. This parasitic file infector proves to be quite virulent and has generated enough activity to land in our malware top 10 for twelve solid months. On top of infecting multiple local files on a PC, the virus can spread through file shares and/or removable media such as USB thumb drives. Additionally, it has a rather unique capability to propagate through other worms in a hybrid form. More information on this can be found here: http://blog.fortinet.com/virut-infecting-worms-hitching-a-ride/.
Fickle Conficker: The notorious worm which has made headlines across the world continues to evolve with a new variant, Conficker.C. While it remained in fourth position in our Top 10 Exploitation list, exploit activity of MS08-067 (detected by FortiGuard IPS as ‘MS.DCERPC.NETAPI32.Buffer.Overflow‘) actually decreased since we recorded a peak of activity on February 12th, 2009. Even with slightly deflated exploit levels, the worm has established a strong global foothold and, with the development of Conficker.C, the authors intend for it to stick around for a while. Conficker.C is quite simply more robust and effective - it boasts a new domain generation algorithm, and uses an enhanced cryptographic hash function (MD6) to validate the authenticity of its own malicious code. Most notably, after April 1st, 2009 it will attempt to communicate with a larger set of rendezvous points than previous variants used. Conficker is best blocked through layered defense, such as intrusion prevention, Web content filtering, and antivirus. Fortinet will continue to monitor this threat in the labs.
“It is yet to be seen what happens with Conficker after April 1st, though it should be pointed out that this code simply becomes active on that date and will remain active afterwards,” said Derek Manky, project manager, cyber security and threat research, Fortinet. “Given the amount of attention Conficker has received, it’s likely the authors will attempt any sort of strike at a later date when it is less anticipated - and more Conficker.C variants have been spread. That said, always be aware and keep your protection up to date.”
The FortiGuard research team compiled threat statistics and trends for March based on data collected from FortiGate network security appliances and intelligence systems in production worldwide. Customers who use Fortinet’s FortiGuard Subscription Services should already be protected against the threats outlined in this report.
To read the full March Threatscape report which includes the top threat rankings in each category, please visit: http://www.fortiguardcenter.com/reports/roundup_mar_2009.html. For ongoing threat research, bookmark the FortiGuard Center (http://www.fortiguardcenter.com/) or add it to your RSS feed by going to http://www.fortinet.com/FortiGuardCenter/rss/index.html. Additional discussion on security technologies and threat analysis can be found at the FortiGuard Blog at http://blog.fortinet.com. To learn more about FortiGuard Subscription Services, visit http://www.fortinet.com/products/fortiguard.html.
FortiGuard Subscription Services offer broad security solutions including antivirus, intrusion prevention, Web content filtering and anti-spam capabilities. These services help enable protection against threats on both application and network layers. FortiGuard Services are updated by the FortiGuard Global Security Research Team, which enables Fortinet to deliver a combination of multi-layered security intelligence and zero-day protection from new and emerging threats. For customers with a subscription to FortiGuard, these updates are delivered to all FortiGate, FortiMail? and FortiClient? products.
About Fortinet (www.fortinet.com)
Fortinet is the pioneer and leading provider of ASIC-accelerated unified threat management, or UTM, security systems, which are used by enterprises and service providers to increase their security while reducing total operating costs. Fortinet solutions were built from the ground up to integrate multiple levels of security protection--including firewall, antivirus, intrusion prevention, VPN, spyware prevention and antispam -- designed to help customers protect against network and content level threats. Leveraging a custom ASIC and unified interface, Fortinet solutions offer advanced security functionality that scales from remote office to chassis-based solutions with integrated management and reporting. Fortinet solutions have won multiple awards around the world and are the only security products that are certified in six programs by ICSA Labs: Firewall, Antivirus, IPSec VPN, SSL VPN, Network IPS, and Antispam. Fortinet is privately held and based in Sunnyvale, California.
For further press information or pictures please contact:
Kalayapas or Parritta
Spark Communications
Tel: 02 653 2717-9
Email: [email protected] or [email protected]