There was quite a bit of movement on the threat landscape this period, which I have summarized below. For more detail, our June 2009 Threat Landscape report can be found on Fortinet's FortiGuard Center.
Web threat traffic in general rose significantly, with a noticeable difference in the Malware and Phishing categories. Period over period, growth in Phishing and Malware web traffic since the last report was the highest yet, with both posting significant gains. These gains represent more volume directed towards malicious sites, an ongoing trend as we continue to pave the way into the next generation of online services and threats. In tune with the increase in web-borne malware, total malware detections have also been steadily increasing. While total malware detections have been increasing since March 2009, distinct volume (the number of unique pieces of malicious code detected) remains relatively flat. Cyber criminals have been enjoying success by driving massive amounts of traffic to their threats, aided by a large online community using a vast number of vulnerable services.
Building on the year-high active exploitation rate of 46.4% in the last report, 62 of 108 vulnerabilities reported this period had exploits launched against them, a 57.4% active exploitation rate. In other words, over half of the newly reported vulnerabilities this period have been attacked. This is certainly a disturbing trend: exploits typically are not easy to write, and take considerable time and effort - unless you have resources at your disposal. With more attacks being launched against vulnerabilities, as shown by the very high active exploitation rate, users need to be extra cautious about where they direct their web browsers. Many attacks are launched through this vector; remember to apply patches to guard against attacks like poisoned documents.
Spam rates remained consistent in June, with no direct effect following the commendable take-down of 3FN/Pricewert, another alleged spam-centric network. Last November, after the infamous McColo went down, we saw quite a dip in spam rates that took more than two months to recover. France took the top spot for regional received spam, with Canada and Spain entering in fourth and fifth position, respectively. The Canadian Pharmacy gang and other campaigns are frequently using simple HTM file attachments to hook users. The HTM files generally contain this content form: