March 12, 2009 | Bratislava | Press Releases

When Popularity Becomes Exploited: Infiltrations via USB Devices on Rise

Authors Tweaking Malware to Spread via Portable Media

The popularity of exchangeable media and their use for transferring data between computers is linked with a higher occurrence of computer threats, as malware writers use them as vectors of infiltration. This dangerous trend has recently been corroborated by the February findings of ThreatSense.Net®, ESET's global statistical system for logging malware. The system allows millions of users of ESET's solutions to voluntarily submit information about infiltrations detected on their computers. This data is subsequently stored in a database, providing ESET antivirus specialists with a global overview of the occurrence and spread of all types of infiltrations.

As ESET's ThreatSense.Net® records indicate, throughout February 2009 the top-ranking threat was a family of Trojans dubbed Win32/PSW.OnLineGames, with a 7,33% share. This type of malware, complete with keylogger and rootkit capabilities, poses a threat mainly to online gaming clients. The writers of this malicious code approach malware writing as a serious business where virtual identities are traded for profit. The perpetrators of these attacks were able to achieve a high level of success due to the sophistication of their exploits, employing a wide range of social engineering tactics to carry out phishing. A class of Trojans commonly known as data stealers is their tool of choice, targeting online gaming parlors. For the malware's propagation, they rely on the popularity of exchangeable media.

Another class, INF/Autorun, which registered a 6,44% share of overall infiltrations, ranked second on ESET's list. Third place went to a newly occurring threat that surfaced toward the close of 2008 and has wreaked havoc on computer networks in U.K. hospitals. The worm Win32/Conficker.AA, with a 5,38% ratio of occurrence, uses shared files and exchangeable media, such as USB keys, to spread. To break into a computer, it takes advantage of an unpatched operating system and the Autorun function (autorun.inf), which allows exchangeable media to be opened automatically when they are plugged into a PC. To prevent this vector of attack, an OS patch has been available since October 2008; however, millions of users have not yet downloaded it, leaving themselves exposed. On its websites, ESET provides its clients with a Conficker removal tool that neutralizes this harmful infiltration.

Yet another type of malware, Win32/Agent, with 3,67% of occurrence, remains among the top threats for the month of February. It belongs to a family of infiltrations with the ability to steal data. Fifth place in the global threat ranking is occupied by a worm dubbed Win32/Conficker.A, which exploits an OS vulnerability. In contrast to its more widespread cousin Win32/Conficker.AA, which placed third on the list, it does not spread via exchangeable media.

Top Global Threats in February 2009 (ThreatSense.Net)

Online Gaming Identity Theft Afflicting Large European Countries

Throughout the month of February, worms such as Win32/Agent and Win32/Agent.NFL were among the most frequent threats afflicting PC users across Europe, including the Czech Republic, Germany, Finland, Lithuania and Latvia.

Yet another type of malware, namely WMA/TrojanDownloader.GetCodec.Gen, has been dominant across a sizable portion of the continent, appearing in Austria, Sweden, Denmark, Switzerland, Greece, the Netherlands, Italy and Hungary.

A high detection rate of Win32/Conficker.AA, in excess of 10 percent, was commonplace in Eastern Europe, including Russia, Ukraine and Romania. However, the worm has spread across most European countries, ranking high on the threat list in Bulgaria and Spain (2nd place), Italy (4th place), Hungary (6th place), Austria (7th place) and Lithuania (8th place). Moreover, it ranked 10th in both Great Britain and the Czech Republic. In contrast, Conficker did not even make the top 20 list in Slovakia.

As the most widespread threat globally (mostly afflicting Asian countries), it was able to achieve high infiltration rates, especially in large European countries such as Poland (8,93%), France (8,06%) and Spain (6,95%).