Critical Threats, Bad AV Haunted October
A vast majority of the world's most prevalent malware attacks ranked high-risk/critical, or severely dangerous, on researchers' threat rankings during the month of October.
According to the latest trends report issued by security gateway maker Fortinet, some 14 of the world's 18 most active exploits during Oct. rated as critical or extremely high-risk.
Conventional wisdom would assert that the month's malware traffic patterns suggest that widespread attacks continue to grow in their severity, but only time will tell.
Among the most frequently observed threats during the timeframe were a number of time-honored attacks, including the Storm Worm Trojan and Slammer Worm viruses.
Overall, Fortinet reported that the top ten most active exploits during the month were:
Trojan.Storm.Worm.Krackin.Detection Worm.Slammer PhpInclude.Worm.B invalid_length TCP.Bad.Flags
SSH.Brute.Forcer invalid_encoding large_fragsize Danmec.Asprox.SQL.Injection chunk_overflow
By individual variant, the top ten for the month broke down as:
Fortinet also reported that fake AV programs, one of the most popular social engineering formats for cyber threats in recent times, were also dominant during the month, claiming the top slot over all other breeds of attack.
Since totaling a mere 10 million samples intercepted by the vendor during April 2008, the threats accounted for well over 30 million examples during October, the company said.
On the other hand, spam e-mail dropped notably during Oct., falling by 10 percent compared to the month before, according to the report. However, the company did not offer any potential explanation for why the overall volume of unsolicited dipped so dramatically.
We'll see if these patterns hold up.
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.