Posted by: paragon | October 12, 2008

Most-Reported Threats for September 2008

Rogue Security Apps Strike Again on Fortinet’s Most-Reported Threats for September 2008

Represents More Than 60 Percent of Month’s Malware Activity

SUNNYVALE, Calif. – Oct. 1, 2008 – Fortinet® – the pioneer and leading provider of unified threat management (UTM) solutions – today announced the top 10 most reported high-risk threats for September 2008. For the second consecutive month, rogue security applications have dominated cyberspace – this time with a vengeance – making up 61.5 percent of total activity for September. Most notable is a six-day period between September 9 and 15, when W32/Inject.GZW!tr.bdr – the most prolific variant of the rogue security Trojans – launched an all-out campaign with volumes not before observed by Fortinet researchers. Only the Storm botnet attacks in January/February 2007 came even close to the volume generated by W32/Inject.GZW!tr.bdr this past month.

Not surprisingly, with rogue security malware claiming the top four positions in this month’s Top 10 list, it also propelled the RogueSecurity family into the No. 1 position among malware family activities for the entire month. As they were in last month’s report, AntiVirus XP 2008 (55.5%) and XP Security Center (6%) were the two main applications that fronted the security scams in September.

“When we see unprecedented volume, as in the case of these rogue security applications, it usually indicates that the attacks are working and cybercriminals are trying to act fast to take full advantage of the situation. It also shows the depth of resources available to this criminal organization,” said Derek Manky, security researcher for Fortinet. “In order to not fall into these traps, consumers should ensure that the source of their security application purchases are legitimate. Consumers should look out for unsolicited system messages which typically claim to find hundreds of infections, followed by purchase requests to cleanse.”

Fortinet’s FortiGuard® Global Security Research Team compiled this report based on intelligence gathered from FortiGate® multi-threat security systems in production worldwide. Customers who use Fortinet’s FortiGuard Subscription Services are already protected against the threats outlined in this report.

Other malware trends observed during this period include the following:

  • Virut.A, a virus that infects executable files, remains strong, coming in seventh spot and bumped out of the top five for the fist time in seven months;
  • Goldun.AXT, a new Trojan keylogger, generated heavy volume to claim the sixth position;
  • Crypt.MV, part of the Pushdo family, clinches the final tenth spot.


Following are the Top Ten individual threats and Top Five threat families in September. Top 100 shifts indicate positional changes compared to August’s Top 100 ranking, with “new” representing the malware’s debut in the Top 100.

Top Ten Individual Threats

Rank Threat Name Threat Type % of Detections Top 100 Shift
1 W32/Inject.GZW!tr.bdr Trojan 38.1 new
2 W32/Inject.GZV!tr.bdr Trojan 6.7 new
3 W32/Multidr.JD!tr Trojan 4.3 -2
4 W32/Delf.BFC!tr.dldr Trojan 3.6 new
5 W32/Netsky!similar Mass Mailer 2.2 -2
6 W32/Goldun.AXT!tr.spy Trojan 2.1 new
7 W32/Virut.A Virus 2.0 -2
8 HTML/Iframe_CID!exploit Exploit 2.0 +1
9 W32/Dloader.BQY!tr Trojan 2.0 new
10 W32/Crypt.MV!tr Trojan 1.6 new

Top Five Families

Rank Malware Family Percentage Top 10 Shift
1 RogueSecurity 61.5 new
2 Netsky 3.5 -1
3 Goldun 3.5 new
4 Virut 2.5
5 OnlineGames 2.0 -3

To read the full September report, please visit: For ongoing threat research, bookmark the FortiGuard Center ( or add it to your RSS feed by going to To learn more about FortiGuard Subscription Services, visit

FortiGuard Subscription Services offer broad security solutions including antivirus, intrusion prevention, Web content filtering and anti-spam capabilities. These services help enable protection against threats on both application and network layers. FortiGuard Services are updated by the FortiGuard Global Security Research Team, which enables Fortinet to deliver a combination of multi-layered security intelligence and zero-day protection from new and emerging threats. These updates are delivered to all FortiGate, FortiMail™ and FortiClient™ products.

About Fortinet (
Fortinet is the pioneer and leading provider of ASIC-accelerated unified threat management, or UTM, security systems, which are used by enterprises and service providers to increase their security while reducing total operating costs. Fortinet solutions were built from the ground up to integrate multiple levels of security protection–including firewall, antivirus, intrusion prevention, VPN, spyware prevention and antispam — designed to help customers protect against network and content level threats. Leveraging a custom ASIC and unified interface, Fortinet solutions offer advanced security functionality that scales from remote office to chassis-based solutions with integrated management and reporting. Fortinet solutions have won multiple awards around the world and are the only security products that are certified in six programs by ICSA Labs: Firewall, Antivirus, IPSec VPN, SSL VPN, Network IPS, and Antispam. Fortinet is privately held and based in Sunnyvale, California.

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s


%d bloggers like this: