Threatscape Report – May 2009 Edition

The following statistics are compiled from Fortinet’s FortiGate network security appliances and intelligence systems for the period April 21st – May 20th, 2009.

Table of Contents: Exploits and Intrusion Prevention Top 10 Exploitations & Regions New Vulnerability Coverage Malware Today Top 10 Variants Regions & Volume Spam and Email Threats Spam Rate & Regions Top 3 In The Wild Crawling the Web Web Traffic & Growth Activity Recap

FortiGuard Global Threat Research

Exploits and Intrusion Prevention

Top 10 Exploitations & Regions

Top 10 exploitation attempts detected for this period, ranked by vulnerability traffic. Percentage indicates the portion of activity the vulnerability accounted for out of all attacks reported in this edition. Severity indicates the general risk factor involved with the exploitation of the vulnerability, rated from low to critical. Critical issues are outlined in bold:

Rank	Vulnerability	Percentage	Severity
1	MS.DCERPC.NETAPI32.Buffer.Overflow	8.2	Critical
2	SSLv3.SessionID.Overflow	6.8	High
3	MS.Windows.NAT.Helper.DNS.Query.DoS	5.9	High
4	MS.Windows.MSDTC.Heap.Overflow	5.9	Medium
5	MS.Exchange.Mail.Calender.Buffer.Overflow	4.2	High
6	MS.SMB.DCERPC.SRVSVC.PathCanonicalize.Overflow	3.7	High
7	MS.SQL.Server.Empty.Password	3.0	High
8	MS.IE.HTML.Attribute.Buffer.Overflow	2.1	High
9	Multiple.Vendor.ICMP.Remote.DoS	1.7	Low
10	MS.Windows.ASN.1.Bitstring.Overflow	1.6	High

Figure 1a: Top 5 regions by detected exploit attempts

New Vulnerability Coverage

There were a total of 140 vulnerabilities added to FortiGuard IPS coverage this period. Of these added vulnerabilities, 65 were reported to be actively exploited (46.4%). Figure 1b breaks down added vulnerabilities by severity, coverage and active exploitation in the wild. For more information, observe the detailed reports for this period at: Intrusion Prevention – Service Update History

Figure 1b: New vulnerability coverage for this edition, categorized by severity

Malware Today

Top 10 Variants

Top 10 malware activity by individual variant. Percentage indicates the portion of activity the malware variant accounted for out of all malware threats reported in this edition. Top 100 shifts indicate positional changes compared to last edition’s Top 100 ranking, with “new” highlighting the malware’s debut in the Top 100. Figure 2 below shows the detected volume for the malware variants listed within the Top 5:

Rank Malware Variant Percentage Top 100 Shift 1 W32/Dropper.PTD!tr 34.5 +1 2 W32/Virut.A 7.7 -1 3 HTML/Iframe.DN!tr.dldr 4.2 +3 4 W32/Netsky!similar 3.2 +3 5 Adware/AdClicker 3.2 +4 6 HTML/Iframe_CID!exploit 3.0 +2 7 W32/PackWaledac.B 2.8 new 8 W32/MyTob.fam@mm 1.7 +2 9 W32/Delf.AYO!tr 1.2 +6 10 W32/Virut.E 1.1 +27

<img align=middle src=”http://www.fortigua URL: http://www.fortiguardcenter.com/reports/roundup_may_2009.html Posted in: Malware, Security. Tagged: AdWare · Email · Mail · Security · Vulnerabilities · Vulnerability ← 4104 4105 → Leave a Reply Cancel reply Your email address will not be published. Required fields are marked * Comment Name * Email * Website Save my name, email, and website in this browser for the next time I comment. Subscribe to our Feed via RSS Recent Posts Vulnerabilities in SimpNews Vulnerabilities in SimpNews Libpurple MSN-SLP Emoticon Directory Traversal Vulnerability [ MDVSA-2010:000 ] firefox Achievo Scheduler Category HTML Injection Vulnerability Symantec Multiple Products VRTSweb.exe Remote Code Execution Vulnerability HP OpenView NNM ovwebsnmpsrv.exe OVwSelection Stack Overflow Vulnerability HP OpenView NNM ovalarm.exe CGI Accept-Language Stack Overflow Vulnerability HP OpenView NNM snmpviewer.exe CGI Host Header Stack Overflow Vulnerability ffmpeg Categories Botnet Hacking Malware News Security Software Virus Archives July 2010 January 2010 December 2009 November 2009 October 2009 September 2009 August 2009 July 2009 May 2009 April 2009 March 2009 February 2009 January 2009 December 2008 November 2008 October 2008 September 2008 August 2008 July 2008 June 2008 May 2008 April 2008 March 2008 February 2008 January 2008 December 2007 November 2007 October 2007 September 2007 August 2007 July 2007 June 2007 May 2007 April 2007 March 2007 February 2007 January 2007 December 2006 November 2006 October 2006 September 2006 August 2006 July 2006 June 2006 May 2006 April 2006 March 2006 February 2006 January 2006 December 2005 November 2005 October 2005 September 2005 August 2005 July 2005 June 2005 May 2005 April 2005 March 2005 February 2005 January 2005 December 2004 November 2004 September 2004 August 2004 July 2004 June 2004 May 2004 April 2004 March 2004 February 2004 March 2003 January 2003 Calendar February 2023 M T W T F S S   1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28   Pages About Meta Log in Entries feed Comments feed WordPress.org © 2023 Security Hero | Powered by WordPress A WordPress theme by Ravi Varma