October 2, 2009 | Bratislava | Press Releases

September - Rise of USB and Exchangeable Media-borne Threats

  • Eastern Europe still threatened most by variants of Conficker worm 
  • Clients in Slovakia, Israel or United Arab Emirates most often encounter USB-borne threats
  • More cases of Conficker in the Republic of South Africa than Russia

Win32/Conficker is the most widespread computer threat globally as confirmed by the September stats compiled from ESET‘s early warning system - ThreatSense.Net® that tabulates malware data received from millions of its clients. In September, Conficker accounted for 8.76% of all threats. As compared to the month of August, the share of threats INF/Autorun ranked second with 7.53%. Autorun.inf is a feature allowing for automatic execution of files stored on exchangeable media, such as USB devices upon their connection to a PC. On the contrary, we saw a slight decline when it comes to the occurrence of a mix of trojans targeting online gamers or virtual worlds, such as Second Life. Win32/PSW.OnLineGames has accounted for 6.36% of all detected threats, which is its second lowest share since the beginning of this year. A family of malware commonly referred to as Win32/Agent known for data stealing has placed fifth in the ranking, as has INF/Conficker, referring to variants of this worm exploiting the Windows OS autorun function.

Global threats based on ESET ThreatSense.Net® (September 2009)

<img src=Pictures/ThreatSense_09_2009.JPG</buxus-image> align="middle" width="530" height="290" />

EUROPE, MIDDLE EAST, AFRICA (EMEA)

Throughout September, the popularity of exchangeable media has contributed to the high occurrence of related threats in the Slovak Republic. INF/Autorun is the country‘s top threat with a share of 5.51%. A similar trend was registered also in Israel (4.99%), Latvia (4.97%) and Lithuania (5.44%).  Even higher share of USB-exploiting threats was registered in the United Arab Emirates – 7.36%.

The users in Czech Republic have encountered most often a trojan Win32/TrojanDownloader.Bredolab (4.25%). Bredolab installs additional malware into the user’s computer. Win32/Qhost is the top threat in Slovenia (2,96%). This threat copies itself to the %system32% folder of Windows before starting. Win32/Qhost can spread through e-mail and gives control of an infected computer to an attacker.  This group of Trojans modifies the host’s file in order to redirect traffic for specific domains.

In Denmark, Win32/Agent with 3.32% remained the most widespread threat throughout the month of September; in Sweden it registered 2.75%.

For the month of September, Win32/Sality has become the most prevalent piece of malware in Ireland.  Analysis of ESET ThreatSense.Net shows that this polymorphic infector has scored 7.39% of all malware detections in Ireland. Win32/Sality is renowned for its capability to infect executable files (EXE) found on the infected computer. Instead of deleting, infected files must be cleaned or restored from a backup. Traditionally, the variants of Conficker worm remain most widespread mainly in Eastern Europe, however, the September statistics registered a 100% increase in this dangerous worm also in the Republic of South Africa (18.51%). This share is even greater than in Russia (17.95%). Conficker managed to rank first also in Ukraine (27.03%), Romania (13.64%), Bulgaria (13.63%), Serbia (8.82%), but also in western European countries - Italy (7.51%), United Kingdom (5,50%) and Austria (2.83%).

Hungarian
malware statistics were dominated by downloader of additional various types of malware or adware  Win32/TrojanDownloader.Swizzor with a share of 7.39%. Poland was afflicted with a mixture of trojans designed to steal data from online games. Win32/PSW.OnLineGames has reached a 11.89% share in Poland, compared to 8.40% in France.

About ESET  

Founded in 1992, ESET is a global provider of security solutions for enterprises and consumers. ESET is a market leader in proactive detection of malware. Thanks to its ThreatSense.Net® technology, it is able to collect data on a volunteer basis from users all around the world, allowing it to react flexibly to emerging threats. It‘s ESET NOD32 Antivirus has been ranked by the independent AV-Comparatives testing lab as the best antivirus product worldwide (2006, 2007). ESET has offices in Bratislava, SK; San Diego, USA; Prague, CZ; Buenos Aires, AR; and has an extensive partner network in 180 countries. In 2008, ESET has opened a new research center in Krakow, Poland. ESET was named to Deloitte’s Technology Fast 500 one of the fastest-growing technology companies in the region of Europe, Middle East and Africa.

ThreatSense.Net® collects anonymous statistical information packets about the types of infiltrations detected on the users' workstations. Thanks to this information, the ESET Virus Lab has access to real-time accurate and relevant information about the most wide-spread infiltrations. The infiltrations detected by the heuristic analysis are then tabulated, with the update against malware issued before it can spread or mutate into a different variant.