November 16, 2011 | Press Releases

October Threats: Mac hit by a small Tsunami; removable media malware tops ESET Live Grid Statistics

Last month, ESET’s research team discovered a new threat, originally designed for Linux, that can now infect Mac OS X. It is a modification of Linux code originally called Linux/Tsunami and is currently detected as OSX/Tsunami.A. In other malware news, removable media old-timers such as INF/Autorun and Win32/Conficker still hold top spots both in Europe and globally. However, the Dorkbot backdoor has moved up to the number two spot worldwide with a 3.12% infection rate. Statistics are based on data from ESET Live Grid, a cloud-based reputation technology that uses malware-related data from users of ESET solutions worldwide.

The Mac OS X trojan dubbed Tsunami is an IRC-controlled backdoor that turns the infected machine into a bot for Distributed Denial of Service attacks. It contains a hardcoded list of IRC servers and channels that it attempts to connect to; the client then listens for and interprets commands from the channel. The backdoor can enable a remote user to download files, such as additional malware or updates to the Tsunami code, and to execute shell commands, giving that user the ability to essentially take control of the affected machine.

“Two samples of the same code were found in different parts of the world, but with small modifications. Also, ESET's telemetry data indicates that there are very few hosts infected with this malware which indicates that this malware is still in the process of testing. This threat does not have a big sophistication or complexity, so the risk to Mac users is limited,” says ESET’s Senior Malware Researcher Pierre-Marc Bureau.

Every month for the last several months, removable media malware has topped the stats, and October was no exception. INF/Autorun ranked first both worldwide (5.21%) and in Europe (4.30%). INF/Autorun is a label that describes a variety of malware exploiting the autorun.inf file as a way to compromise a computer. Win32/Conficker was third globally (2.63%) and fourth in Europe (1.99%). Win32/Conficker is a network worm originally propagated by exploiting a vulnerability in the Windows operating system. Win32/Dorkbot is moving up steadily, now appearing as number two globally for October (3.12%). This malware spreads via removable media and contains a backdoor that allows it to be controlled remotely. The worm collects login user names and passwords when the unsuspecting user browses certain web sites, then sends all the gathered information to a remote machine.

Global Threats According to ESET Live Grid® Statistics (October 2011)

EUROPE, MIDDLE EAST, AFRICA (EMEA)

INF/Autorun is a mainstay when it comes to malware and appears in the top position in the European threat statistics, also ranking as the most widespread malware in several European, African and Middle Eastern countries, including South Africa (8.33%), Israel (4.92%) and Ukraine (3.76%). Win32/Conficker was yet again the fastest spreading malicious code in Bulgaria (5.15%). European number two Win32/Autoit has held a top spot in Turkey for the last several months, including October with an incredible 14.57% infection rate. Number three HTML/ScrInject.B.Gen has been recorded in the top five in several western European countries, including Sweden (6.93%), Norway (5.85%), Finland (5.42%), the United Kingdom (4.63%), France (2.96%) and Spain (1.82%).

Threats in Europe According to ESET Live Grid® Statistics (October 2011)

About Live Grid®

Live Grid® is ESET’s cloud-based malware collection system utilizing data from users of ESET solutions worldwide. This continual streaming of information provides ESET Malware Lab specialists with a real-time, accurate snapshot of the nature and scope of global infiltrations. Careful analysis of the threats, attack vectors and patterns helps ESET fine-tune all heuristic and signature updates, to protect its users against tomorrow’s threats.

About ESET

Founded in 1992, ESET is a global provider of security solutions for businesses and consumers. The Company pioneered, and continues to lead, the industry in proactive threat detection. ESET NOD32 Antivirus holds the world record for the number of Virus Bulletin “VB100” Awards, and has never missed a single “In-the-Wild” worm or virus since the inception of testing in 1998. ESET NOD32 Antivirus, ESET Smart Security and ESET Cybersecurity for Mac are trusted by millions of global users and are among the most recommended security solutions in the world.

The Company has global headquarters in Bratislava (Slovakia), with regional distribution centers in San Diego (U.S.), Buenos Aires (Argentina), and Singapore. ESET has malware research centers in Bratislava, San Diego, Buenos Aires, Prague (Czech Republic), Krakow (Poland), Montreal (Canada), Moscow (Russia), and an extensive partner network for 180 countries.