April 6, 2009 | Bratislava | Press Releases

Conficker Topmost Threat throughout March 2009

Large countries reporting high share of online gaming trojans

ESET ThreatSense.Net® statistical system has evaluated the worm Win32/Conficker as the most often detected computer threat for the month of March with 8,90% out of all detections. Due to the prevalence of the worm’s variants, ESET has elected to list this threat under one category to better illustrate the trend. The worm itself operates by contacting web servers with pre-computed domain names, where to download additional malicious components into the user’s computer.

Beside Conficker, other top-ranked threats include Win32/PSW.OnLineGames (8,54%) - a family of trojans, some of which spread via exchangeable media and steal artefacts and information relating to popular online games. This is nearly 2% higher than a month ago.

Next down on the list is a category of trojans spreading exclusively via exchangeable media, taking advantage of the vulnerability in the Windows autorun function INF/Autorun, reaching 7,19% of all threats detected by combined ESET NOD32 Antivirus and ESET Smart Security detection reports sent into the ESET Virus Lab by consenting users. Win32/Agent with 3,22% is yet another top-ranked threat. It is a member of a notoriously known trojan family with capabilities to steal sensitive data from infected PCs.

WMA/TrojanDownloader.GetCodec has ranked fifth on ESET’s threat list with 1,45%.

Win32/GetCodec.A is a type of malware that modifies media files. This Trojan converts all media files found on a computer to the WMA format and adds a field to the header that includes a URL pointing the user to a new codec, claiming that the codec has to be downloaded so that the media files can be read. WMA/TrojanDownloader.GetCodec.Gen is a downloader closely related to Wimad.N which facilitates infection by GetCodec variants like Win32/GetCodec.A

EUROPE, MIDDLE EAST, AFRICA (EMEA)

Win32/PSW.OnLineGames is a top threat in Central European countries, such as Poland (14,08%) and Slovakia (6,03%), while Win32/Genetik with its 4,46% remains a top threat in the Czech Republic. In Hungary, the threats rank in the following order: Win32/TrojanDownloader.Swizzor.NBF (4,34%), closely followed by Conficker (4,11%).

According to the data captured by ThreatSense.Net® the worm Conficker has been spreading on a massive scale primarily in the region of Eastern Europe, with especially high occurence in Ukraine (27,52%), Russia (22,48%), Romania (12,11%), Bulgaria (10,17%), apperaing also in Spain (11,81%), Italy (7,79%).

The media trojan WMA/TrojanDownloader.GetCodec has been the most frequent occurence in the Netherlands (6,52%), Denmark (9,88%), Estonia (6,58%), Austria (6,46%), Ireland (6,52%), and Sweden (6,20%). Throughout March 2009, Win32/Agent or Win32/Agent.NFL has been a dominant threat in Germany (4,72%), Latvia (7,53%) and Lithuania (8,62%). The INF/Autorun family of trojans were among the most frequently-occuring threats in the Republic of South Africa (6,67%) and Israel (5,28%). Throughout March 2009, Win32/Toolbar.MyWebSearch was the top threat in Great Britain (6,20%).

Global Threats According to ESET ThreatSense.Net® (March 2009)

<img src=Pictures/ThreatSense.Net_March2009.JPG</buxus-image> />