Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

Botnets Battle for First Place in Fortinet’s November 2009 Threatscape Report

  • 10 December, 2009 16:21

<p>Fortinet® (NASDAQ: FTNT) – a leading network security provider and worldwide leader of unified threat management (UTM) solutions – today announced that Fortinet’s November 2009 Threatscape report showed consistent highs in overall malware detected, marking the third month of significantly increased activity.</p>
<p>Contributing to the high volume this period were new variants of Pushdo/Cutwail, which achieved the number one and two positions in the top 10 malware list. Not far behind, ZBot and Scareware remained active, borrowing popular and successful social engineering and spam tactics to gain ground. iPhone threats were also very active in November with four new attacks reported.</p>
<p>Key highlights of the November Threatscape report include:</p>
<p>• Battle of the Bots: Pushdo is back. Bredolab may have taken the fame and glory with high placement in the October top malware list, but in November it lost the botnet fight to Pushdo/Cutwail which accounted for 30 percent of total malware activity, nearly double last month’s Bredolab and Scareware daily records.</p>
<p>The Pushdo botnet is commonly known to download the Cutwail Trojan, among other components, and uses simple trickery in the form of social engineering hooks and spam to lure in victims. Once downloaded, Cutwail mass mails new spam templates – pirated software and pharmacy spams – which like scareware, comes with an alluring profit margin due to affiliate programs.</p>
<p>• Spam Stirs up New Scams. Spam campaigns took on new forms this period, with ZBot driving high levels of activity for the second consecutive month and a new Trojan-seeding downloader, Sasfis, prevalent through at least three distinct spam campaigns.
Ranking at number three and number 10 of the top malware list, Sasfis variants used the subjects ‘payment request,’ ‘mailbox has been deactivated’ and ‘Facebook updated account agreement’ to spam users with a .zip attachment that contains the Trojan.</p>
<p>Multiple ZBot attacks were observed, each carrying distinct social engineering tactics. One used an H1N1 scare tactic to lure users to a web site serving ZBot, while another attached the malicious bot disguised as a balance-checking tool for Verizon Wireless. Combined with the prominence of Cutwail, November experienced a peak in spam activity.</p>
<p>• New Attacks to Keep You on your Toes: iPhone threats were in full force this period with four new attacks exploiting jailbroken iPhone devices: (1) malware targeted at Dutch-speaking iPhone users for ransom money, (2) a tool that steals SMS contacts (HackerTool/iPhoneStealer), (3) a worm that changes the background image and (4) another worm that attempts to steal banking credentials (iPhoneOS/Eeki).</p>
<p>“For the last few months we’ve reported record highs in the overall volume of malware and daily attacks, with threat levels continuing to top that of the previous month. Botnets like Pushdo/Cutwail continue to evolve, placing emphasis on obfuscation and encryption. In addition, old tricks simply leverage new layers of complexity to further penetrate systems while cyber criminals test the waters by exploiting smart phones,” said Derek Manky, project manager, cyber security and threat research, Fortinet.</p>
<p>Manky continued, “We’re seeing innovation at its scariest, as hackers remain committed to evolving their scams and developing new approaches. Enterprises must bring the same level of commitment to security – update software, employ valid intrusion prevention systems and layer security within and around the network– in order to guard against the new vulnerabilities and zero-day attacks that rise to the surface each month.”</p>
<p>FortiGuard Labs compiled threat statistics and trends for November based on data collected from FortiGate® network security appliances and intelligence systems in production worldwide. Customers who use Fortinet’s FortiGuard Subscription Services should already be protected against the threats outlined in this report.</p>
<p>To read the full November Threatscape report which includes the top threat rankings in each category, please visit:</p>
<p>For ongoing threat research, bookmark the FortiGuard Center ( or add it to your RSS feed by going to Additional discussion on security technologies and threat analysis can be found at the FortiGuard Blog at To learn more about FortiGuard Subscription Services, visit</p>
<p>FortiGuard Subscription Services offer broad security solutions including antivirus, intrusion prevention, Web content filtering and anti-spam capabilities. These services help enable protection against threats on both application and network layers. FortiGuard Services are updated by FortiGuard Labs, which are designed to enable Fortinet to deliver a combination of multi-layered security intelligence and zero-day protection from new and emerging threats. For customers with a subscription to FortiGuard, these updates are delivered to all FortiGate, FortiMail™ and FortiClient™ products.</p>
<p>About Fortinet (</p>
<p>Fortinet (NASDAQ: FTNT) is a worldwide provider of network security appliances and the market leader in unified threat management (UTM). Our products and subscription services provide broad, integrated and high-performance protection against dynamic security threats while simplifying the IT security infrastructure. Our customers include enterprises, service providers and government entities worldwide, including the majority of the 2009 Fortune Global 100. Fortinet’s flagship FortiGate product delivers ASIC-accelerated performance and integrates multiple layers of security designed to help protect against application and network threats. Fortinet’s broad product line goes beyond UTM to help secure the extended enterprise – from endpoints, to the perimeter and the core, including databases and applications. Fortinet is headquartered in Sunnyvale, Calif., with offices around the world.
<p>Copyright © 2009 Fortinet, Inc. All rights reserved. The symbols ® and ™ denote respectively federally registered trademarks and unregistered trademarks of Fortinet, Inc., its subsidiaries and affiliates. Fortinet's trademarks include, but are not limited to, the following: Fortinet, FortiGate, FortiGuard, FortiManager, FortiMail, FortiClient, FortiCare, FortiAnalyzer, FortiReporter, FortiOS, FortiASIC, FortiWiFi, FortiSwitch, FortiVoIP, FortiBIOS, FortiLog, FortiResponse, FortiCarrier, FortiScan, FortiDB and FortiWeb. Other trademarks belong to their respective owners. Fortinet has not independently verified statements or certifications herein attributed to third parties and Fortinet does not independently endorse such statements.</p>
<p>Media Contact:
Sebastian Rice,
02 9959 1991,,</p>

Most Popular

Editor's Recommendations

Solution Centres


View all events Submit your own security event

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Media Release

More media release

Market Place