Fortinet report maps Internet threats

The major development in malware in 2013 was the rise of ransomware, mostly on Windows desktops but also on Android devices.
Written by Larry Seltzer, Contributor

Much of the contents of Fortinet's 2014 Threat Landscape Report is unsurprising and par for the course these days. But if anything stands out, it was the resurgence of "ransomware" in 2013. On desktops, Cryptolocker made many users wish they had been more diligent about backing up.

There was good news in 2013: Several high-level malware perps were taken in by the authorities, including the purported creator of the Blackhole Exploit Kit; a financial malware operator, who authorities claim took in over $100 million over a five year period, was arrested in Thailand; and Ukrainian police arrested a group of 21 cybercriminals responsible for the highly successful Carberp banking trojan.

Malware events plummeted in August in large part because in July, Symantec took down much of the ZeroAccess botnet, "The Most Prolific Botnet of the Year" according to Fortinet. It wasn't even close: 88.65 percent of botnet traffic was from ZeroAccess. Unfortunately, before long the malware ecosystem recovered back to earlier levels.

Fortinet's list of the top 10 malware families in 2013 (based on the number of reported incidents):

  1. W32/ZeuS(Zbot) Family
  2. W32/Tepfer Family
  3. JS/FBJack.A
  4. PDF/Script.JS
  5. W32/ZeroAccess Family
  6. W32/Kryptik Family
  7. JS/IFrame Family
  8. W32/Yakes.B
  9. X97M/Agent.F
  10. W32/Blocker Family

The threat of mobile malware has long been a running joke, as antivirus companies have always been more concerned about it than ordinary users. Whether it's a real threat worthy of users' attention is one thing, but another thing is clear, as documented by Fortinet: There is a lot of mobile malware out there, and nearly all of it, specifically 96.5 percent, is written for Android.

The scariest one in the report is the Fake Defender malware (FortiGuard Labs detects this as Android/FakeDefend.A!tr). The ransomware app presents as an antivirus program, although it has no actual antivirus capability and merely displays static indications that your device is infected with malware. If the user grants all the permissions it requests, including Device Administrator rights, then it's game over.

Fake Defender will shut several system processes, including actual security products, "clean the malware" and then make the system unusable. The user is told (see nearby image) that they need to purchase the full version in order to complete the process. The punch line? If you give it your credit card number it still won't remove itself. Fake Defender may be the scariest, but it's not especially common. And while nearly all Android malware comes from third party sites, reports indicate that more is getting through into the Google Play Store.

The Fortinet report also discusses the state of spam and malicious web sites.

In other news, Fortinet also announced an update to the FortiOS operating system which runs their FortiGate appliances. FortiOS 5 will deliver greatly improved SSL inspection performance, better reporting and smoother integration with other Fortinet components.

The FortiOS 5/FortiAnalyzer 5 updates, FortiAuthenticator-1000D,and FortiSandbox 1.2 software update are available now. FortiAnalyzer-3500E and FortiSandbox-1000D are expected in the second quarter of this year.

Editorial standards