Security Hero Rotating Header Image

Threatscape Report – May 2009 Edition

Threatscape Report – May 2009 Edition

The following statistics are compiled from Fortinet’s FortiGate network security appliances and intelligence systems for the period April 21st – May 20th, 2009.

Table of Contents:


FortiGuard Global Threat Research

Exploits and Intrusion Prevention


Top 10 Exploitations & Regions

Top 10 exploitation attempts detected for this period, ranked by vulnerability traffic. Percentage indicates the portion of activity the vulnerability accounted for out of all attacks reported in this edition. Severity indicates the general risk factor involved with the exploitation of the vulnerability, rated from low to critical. Critical issues are outlined in bold:

Rank Vulnerability Percentage Severity
1 MS.DCERPC.NETAPI32.Buffer.Overflow 8.2 Critical
2 SSLv3.SessionID.Overflow 6.8 High
3 MS.Windows.NAT.Helper.DNS.Query.DoS 5.9 High
4 MS.Windows.MSDTC.Heap.Overflow 5.9 Medium
5 MS.Exchange.Mail.Calender.Buffer.Overflow 4.2 High
6 MS.SMB.DCERPC.SRVSVC.PathCanonicalize.Overflow 3.7 High
7 MS.SQL.Server.Empty.Password 3.0 High
8 MS.IE.HTML.Attribute.Buffer.Overflow 2.1 High
9 Multiple.Vendor.ICMP.Remote.DoS 1.7 Low
10 MS.Windows.ASN.1.Bitstring.Overflow 1.6 High


Figure 1a: Top 5 regions by detected exploit attempts


New Vulnerability Coverage

There were a total of 140 vulnerabilities added to FortiGuard IPS coverage this period.
Of these added vulnerabilities, 65 were reported to be actively exploited (46.4%).

Figure 1b breaks down added vulnerabilities by severity, coverage and active exploitation in the wild.

For more information, observe the detailed reports for this period at:


Figure 1b: New vulnerability coverage for this edition, categorized by severity

Malware Today


Top 10 Variants

Top 10 malware activity by individual variant. Percentage indicates the portion of activity the malware variant accounted for out of all malware threats reported in this edition. Top 100 shifts indicate positional changes compared to last edition’s Top 100 ranking, with “new” highlighting the malware’s debut in the Top 100. Figure 2 below shows the detected volume for the malware variants listed within the Top 5:

Rank Malware Variant Percentage Top 100 Shift
1 W32/Dropper.PTD!tr 34.5 +1
2 W32/Virut.A 7.7 -1
3 HTML/Iframe.DN!tr.dldr 4.2 +3
4 W32/Netsky!similar 3.2 +3
5 Adware/AdClicker 3.2 +4
6 HTML/Iframe_CID!exploit 3.0 +2
7 W32/PackWaledac.B 2.8 new
8 W32/MyTob.fam@mm 1.7 +2
9 W32/Delf.AYO!tr 1.2 +6
10 W32/Virut.E 1.1 +27
<img align=middle src=”http://www.fortigua

URL: URL:

Powered by WP Hashcash

Spam Protection by WP-SpamFree

Bad Behavior has blocked 542 access attempts in the last 7 days.