September - Rise of USB and Exchangeable Media-borne Threats
- Eastern Europe still threatened most by variants of Conficker worm
- Clients in Slovakia, Israel or United Arab Emirates most often encounter USB-borne threats
- More cases of Conficker in the Republic of South Africa than Russia
Win32/Conficker is the most widespread computer threat globally as confirmed by the September stats compiled from ESET‘s early warning system - ThreatSense.Net® that tabulates malware data received from millions of its clients. In September, Conficker accounted for 8.76% of all threats. As compared to the month of August, the share of threats INF/Autorun ranked second with 7.53%. Autorun.inf is a feature allowing for automatic execution of files stored on exchangeable media, such as USB devices upon their connection to a PC. On the contrary, we saw a slight decline when it comes to the occurrence of a mix of trojans targeting online gamers or virtual worlds, such as Second Life. Win32/PSW.OnLineGames has accounted for 6.36% of all detected threats, which is its second lowest share since the beginning of this year. A family of malware commonly referred to as Win32/Agent known for data stealing has placed fifth in the ranking, as has INF/Conficker, referring to variants of this worm exploiting the Windows OS autorun function.
Global threats based on ESET ThreatSense.Net® (September 2009)
EUROPE, MIDDLE EAST, AFRICA (EMEA)
Throughout September, the popularity of exchangeable media has contributed to the high occurrence of related threats in the Slovak Republic. INF/Autorun is the country‘s top threat with a share of 5.51%. A similar trend was registered also in Israel (4.99%), Latvia (4.97%) and Lithuania (5.44%). Even higher share of USB-exploiting threats was registered in the United Arab Emirates – 7.36%.
The users in Czech Republic have encountered most often a trojan Win32/TrojanDownloader.Bredolab (4.25%). Bredolab installs additional malware into the user’s computer. Win32/Qhost is the top threat in Slovenia (2,96%). This threat copies itself to the %system32% folder of Windows before starting. Win32/Qhost can spread through e-mail and gives control of an infected computer to an attacker. This group of Trojans modifies the host’s file in order to redirect traffic for specific domains.
For the month of September, Win32/Sality has become the most prevalent piece of malware in Ireland. Analysis of ESET ThreatSense.Net shows that this polymorphic infector has scored 7.39% of all malware detections in Ireland. Win32/Sality is renowned for its capability to infect executable files (EXE) found on the infected computer. Instead of deleting, infected files must be cleaned or restored from a backup. Traditionally, the variants of Conficker worm remain most widespread mainly in Eastern Europe, however, the September statistics registered a 100% increase in this dangerous worm also in the Republic of South Africa (18.51%). This share is even greater than in Russia (17.95%). Conficker managed to rank first also in Ukraine (27.03%), Romania (13.64%), Bulgaria (13.63%), Serbia (8.82%), but also in western European countries - Italy (7.51%), United Kingdom (5,50%) and Austria (2.83%).
Hungarian malware statistics were dominated by downloader of additional various types of malware or adware Win32/TrojanDownloader.Swizzor with a share of 7.39%. Poland was afflicted with a mixture of trojans designed to steal data from online games. Win32/PSW.OnLineGames has reached a 11.89% share in Poland, compared to 8.40% in France.
About ESETFounded in 1992, ESET is a global provider of security solutions for enterprises and consumers. ESET is a market leader in proactive detection of malware. Thanks to its ThreatSense.Net® technology, it is able to collect data on a volunteer basis from users all around the world, allowing it to react flexibly to emerging threats. It‘s ESET NOD32 Antivirus has been ranked by the independent AV-Comparatives testing lab as the best antivirus product worldwide (2006, 2007). ESET has offices in Bratislava, SK; San Diego, USA; Prague, CZ; Buenos Aires, AR; and has an extensive partner network in 180 countries. In 2008, ESET has opened a new research center in Krakow, Poland. ESET was named to Deloitte’s Technology Fast 500 one of the fastest-growing technology companies in the region of Europe, Middle East and Africa.
ThreatSense.Net® collects anonymous statistical information packets about the types of infiltrations detected on the users' workstations. Thanks to this information, the ESET Virus Lab has access to real-time accurate and relevant information about the most wide-spread infiltrations. The infiltrations detected by the heuristic analysis are then tabulated, with the update against malware issued before it can spread or mutate into a different variant.