SOURCE: Fortinet

October 01, 2007 12:00 ET

Fortinet Announces Top Reported Threats for September 2007

SUNNYVALE, CA--(Marketwire - October 1, 2007) - Fortinet® -- the pioneer and leading provider of unified threat management (UTM) solutions -- today announced the top 10 most reported high-risk threats for September 2007. The report, compiled from all FortiGate™ multi-threat security systems in production worldwide, is a service of the Fortinet Global Security Research Team.

September 2007's top 10 threats, as determined by the degree of prevalence are:

Rank    Threat Name               Threat Type     % of Detections
1       Adware/CashOn             Spyware         13.86
2       W32/Netsky.P@mm           Mass mailer     9.85
3       HTML/Iframe_CID!exploit   Exploit         7.30
4       W32/ANI07.A!exploit       Exploit         5.04
5       HTML/Obscured!exploit     Exploit         5.02
6       W32/Dialer.PZ!tr          Trojan          2.55
7       W32/Grew.A!worm           Worm            2.49
8       W32/Bagle.DY@mm           Mass mailer     2.30
9       W32/Virut.fam             Virus           2.06
10      W32/Dloader.K!tr          Trojan          1.98

The September top 10 highlights the following:

--  CashOn reaches the top of the list this month, moving from last
    month's fourth place. The adware toolbar plugin has almost doubled in
    volume since August and is far ahead of the rest of the top 10 in terms of
--  Obscured!exploit continues to gain momentum, though not as fast as
    CashOn. This malware is part of the top ten for the second consecutive
    month with a 10 percent increase in its level of activity compared to

As stated earlier, the most notable threat in September's top 10 is CashOn, an adware toolbar plugin that first made its mark on the list last month. The adware has experienced an activity increase of almost ten-fold within the last two months, achieving a 90 percent growth rate. Similar to last month, the FortiGuard Global Security Research Team noticed distribution peaks twice a week, specifically on Mondays and Wednesdays, with 99.8 percent of all activity primarily occurring in Korea.

CashOn is adware that can be installed without the user's permission. Once downloaded or automatically ran through exploits, it becomes part of the user's Web browser. CashOn can hijack the browser's settings by changing configurations, such as the user's homepage. As a result, each time a user loads up his/her browser, he or she will be directed to the homepage of CashOn in Korea.

CashOn resides on a Korean top-level Web site domain and acts as a gateway to various other Korean-based shopping sites. An initial visit to CashOn's portal exposes the user to neatly displayed e-commerce sites offering low priced items. When the user clicks on the displayed links to other shopping sites, they are tracked so that any purchase can be traced back to CashOn. In fact, the various website URLs all target the same Korean locale and maintain stateful information so that CashOn can collect on all referrals that passed through.

"The financial outlook of a thriving e-commerce market, polluted by an adware like CashOn, is substantial. In order to make profits from this business, there is a need for exposure, which requires an effective seeding strategy. The dominant seeding of CashOn suggests that there may have been more players behind this distribution campaign, who are being compensated for their efforts to spread this adware at haste," said Derek Manky, Fortinet security research engineer. "In turn, this could foreshadow the surface of another related variant or strain, raising an eyebrow to security concerns. Users need to continue to educate themselves on these types of threats to ensure that they have the necessary protection to guard against future outbreaks."

To read the full September report, please visit For ongoing threat research, bookmark the FortiGuard Center ( or add it to your RSS feed by going to To learn more about FortiGuard Subscription Services, visit

About Fortinet (

Fortinet is the pioneer and leading provider of ASIC-accelerated unified threat management, or UTM, security systems, which are used by enterprises and service providers to increase their security while reducing total operating costs. Fortinet solutions were built from the ground up to integrate multiple levels of security protection -- including firewall, antivirus, intrusion prevention, VPN, spyware prevention and anti-spam -- designed to help customers protect against network and content level threats. Leveraging a custom ASIC and unified interface, Fortinet solutions offer advanced security functionality that scales from remote office to chassis-based solutions with integrated management and reporting. Fortinet solutions have won multiple awards around the world and are the only security products that are certified in six programs by ICSA Labs: (Firewall, Antivirus, IPSec, SSL, Network IPS, and Anti-Spyware). Fortinet is privately held and based in Sunnyvale, California.

Fortinet is a registered trademark of Fortinet, Inc. Fortinet, FortiGate, FortiOS, FortiAnalyzer, FortiASIC, FortiCare, FortiManager, FortiWiFi, FortiGuard, FortiClient, and FortiReporter are trademarks of the Fortinet, Inc. in the United States and/or other countries. All other trademarks referred to herein are the property of their respective owners.

Contact Information