SOURCE: Fortinet

March 05, 2009 12:00 ET

Fortinet Announces February '09 Threatscape Report

A Super Worm, an Emerging Botnet, a Sexy Mobile Threat Top February Trends

SUNNYVALE, CA--(Marketwire - March 5, 2009) - Fortinet® -- a market-leading network security provider and worldwide leader of unified threat management (UTM) solutions -- today announced its February 2009 Threatscape Report, which shows activities by a super worm, an emerging botnet, a sexy mobile threat and a steady uptick in spam, featuring Valentine's- and economy-related themes. Additional insights about this month's trends are noted below:

--  Exploits in high volume, but a little less active: most notable was a
    three-fold increase in the number of vulnerabilities; however, the active
    exploit rate was down to 25.6 percent from 30.2 percent last month.
    Conficker, the latest super worm to spread around the Internet, is still
    running strong. Fortinet systems showed exploitation of the well-known MS08-
    067 vulnerability, displaying the highest recorded activity to date on
    February 14th, 2009. As of this writing, volume levels are still quite
--  Malware stable and steady: activity level remains similar to last
    month with no new variants introduced in the Top 10 for two consecutive
    months. Waledac, a relatively new botnet in town, went on a long run using
    a Valentine's Day campaign to dupe users into downloading a malicious
    executable which was a copy of the Waledac Trojan. The campaign used a
    variety of domain/sub domain names, safe-haven registrars and fast flux. As
    of this writing, the campaign is still alive but is using a different theme
    dubbed as the 'Couponizer.' The U.S. was the top recipient of malware
    activity regionally, with 51.07% of worldwide activity. Japan (42.11%),
    China (22.26%), India (21.62%) and Canada (19.91%) made up the rest of the
    top 5 regions.
--  Mobile threats taking shape: after new variants of Flocker surfaced in
    January, targeting accounts with Indonesian operators, Fortinet reported on
    Yxes.A in February -- the latest SymbianOS threat -- aka "Sexy View." While
    mobile threats are certainly low profile in terms of prevalence (compared
    to non-mobile threats), this is an area to monitor with the growing
    adoption of 3G networks and the increased use of handheld devices. The
    biggest threat posed by SymbOS/Yxes.A is its ground-breaking propagation
    function; with the capability to spread through SMS by providing malicious
    URLs, a bridge is created from mobile telecommunications to the Internet.
    In turn, this opens up a range of possibilities, effectively allowing the
    authors more control over their creation. With more control and
    functionality added, Yxes.A indicates that we may not be far away from a
    mobile botnet.
--  Spam levels remained consistent: spam rates in February peaked at 55
    percent of the global email rate, inching back up from a sharp decrease
    late 2008, due largely to the McColo take-down in November 2008. Cyber
    criminals could not let Valentine's Day pass without the requisite eCard
    spam campaign (courtesy of Waledac this year). In addition, phishing and
    scam emails are as popular as ever in play with the economic crisis, as
    Fortinet's spam traps harvested loan and job scams showing up in localized
    languages to various regions. Highest spam rates by region are as follows:
    U.S. (22.16%), Japan (10.69%), Taiwan (10.63%), Italy (7.35%) and Canada

"The economy will likely remain a strong theme in upcoming months as cyber criminals tap into fear-mongering tactics to take advantage of the global economic downturn; in the criminal underworld, both online and off, illegitimate jobs are created as legitimate ones are eliminated," said Derek Manky, project manager, cyber security and threat research, Fortinet. "Mobile threats are also likely to be a recurring theme. We are just starting to see the tip of the iceberg in this threat vector with the latest SymbianOS threat, Sexy View, but we predict much more to come as criminals redirect their focus with the growth of mobile platforms, applications and broader bandwidth."

The Fortinet FortiGuard® Global Security Research team compiled threat statistics and trends for February based on data collected from FortiGate® network security appliances and intelligence systems in production worldwide. Customers who use Fortinet's FortiGuard Subscription Services should already be protected against the threats outlined in this report.

To read the full February Threatscape report which includes the top threat rankings in each category, please visit: For ongoing threat research, bookmark the FortiGuard Center ( or add it to your RSS feed by going to Additional discussion on security technologies and threat analysis can be found at the FortiGuard Blog at To learn more about FortiGuard Subscription Services, visit

FortiGuard Subscription Services offer broad security solutions including antivirus, intrusion prevention, Web content filtering and anti-spam capabilities. These services help enable protection against threats on both application and network layers. FortiGuard Services are updated by the FortiGuard Global Security Research Team, which enables Fortinet to deliver a combination of multi-layered security intelligence and zero-day protection from new and emerging threats. For customers with a subscription to FortiGuard, these updates are delivered to all FortiGate®, FortiMail™ and FortiClient™ products.

About Fortinet (

Fortinet is the pioneer and leading provider of ASIC-accelerated unified threat management, or UTM, security systems, which are used by enterprises and service providers to increase their security while reducing total operating costs. Fortinet solutions were built from the ground up to integrate multiple levels of security protection -- including firewall, antivirus, intrusion prevention, VPN, spyware prevention and antispam -- designed to help customers protect against network and content level threats. Leveraging a custom ASIC and unified interface, Fortinet solutions offer advanced security functionality that scales from remote office to chassis-based solutions with integrated management and reporting. Fortinet solutions have won multiple awards around the world and are the only security products that are certified in six programs by ICSA Labs: Firewall, Antivirus, IPSec VPN, SSL VPN, Network IPS, and Antispam. Fortinet is privately held and based in Sunnyvale, California.

Copyright © 2009 Fortinet, Inc. All rights reserved. The symbols ® and ™ denote respectively federally registered trademarks and unregistered trademarks of Fortinet, Inc., its subsidiaries and affiliates. Fortinet's trademarks include, but are not limited to, the following: Fortinet, FortiGate, FortiGuard, FortiManager, FortiMail, FortiClient, FortiCare, FortiAnalyzer, FortiReporter, FortiOS, FortiASIC, FortiWiFi, FortiSwitch, FortiVoIP, FortiBIOS, FortiLog, FortiResponse, FortiDB and FortiWeb.

Contact Information