The first threat report of 2011 is up; you can find the full report on our FortiGuard Center. Below is a recap of events:
There was a sharp increase in exploit activity for new vulnerabilities this period: we detected attempted exploit activity on 61% of new vulnerabilities covered by FortiGuard Labs. Typically this rate falls between 30-40%. Nearly half of those vulnerabilities rated as 'Critical' (remote code execution) were attacked. As an ongoing reminder, it is imperative to help secure systems against such exploitation by keeping all software up to date with the latest patches, as well as having a valid IPS solution in place to help protect against exploit code.
FortiGuard Labs discovered and reported three zero-day vulnerabilities in the last month to Microsoft and Adobe. For an overview of all outstanding zero-day vulnerabilities, please refer to our Upcoming Advisory page. Signatures are created in advance for such zero-day vulnerabilities whenever possible.
Microsoft issued a zero-day advisory on December 22nd, 2010, that outlines an in-the-wild exploit against Internet Explorer (CVE-2010-3971). As of this writing, the vulnerability remains in a zero-day state. FortiGuard IPS detects this threat as "MS.IE.CSS.Self.Reference.Remote.Code.Execution" - for more information, see our advisory here.
From December 27th, 2010, to January 10th, 2011, we saw another significant decline in global spam rates (about 20%). We reported on a large drop back in November 2010, due to a Bredolab botnet being taken offline. By mid-December, however, spam rates had begun to climb back to their regular levels. This time it looks like Rustock was to thank for the decline - the botnet dedicated this time slot to generating cash through affiliate-based business models in lieu of spam campaigns. Spam rates have started to rise again after Rustock received commands to recommence its spam routines. In the cases of both Bredolab and Rustock, we saw a notable impact on global spam rates - Bredolab dropping spam rates roughly 12%, and Rustock roughly 20%, showing the impact a single botnet can have on spam worldwide.