November Malware Threats: INF/Autorun Stays on the Top
The holiday season is here and ESET has put together golden tips for safer holiday shopping online. Even more holiday shopping will happen online this year than last and that means more scammers will be looking to do some shopping of their own, possibly at your expense. This might involve using your credit card and bank account to fund their gift-buying, or perhaps capturing and selling your personal information for some extra holiday cash. Here are some of the tips that Cameron Camp, Stephen Cobb and other ESET researchers have put together to help savvy cyber-shoppers avoid getting scammed while hunting for the best holiday deals online.
1. Tune your shopping machine: Like the tune-up your car might be getting before a long drive to deliver holiday gifts to relatives, your laptop may need a little attention before going online for some power shopping. Give it improved protection, by updating and patching your browser, operating system, and anti-malware suite.
2. Stick with familiar faces: Buy from websites that have established a reputation for doing what they say, providing accurate descriptions of merchandise and delivering it in good shape and on time.
3. Be wary of “amazing” deals: If it looks too good to be true, it probably is, particularly if it’s an amazing offer on one of the hottest products of the season. Such deals can be very tempting, but it really is safer to avoid following links that offer goods, services, or gift cards at impossibly cheap prices, they are just too risky. Not all discount vendors are scammers, but ask yourself if the promised savings are worth the gamble (or Google the offer and/or vendor to see what others are saying).
4. Insist on secure transactions: When you are in the ordering process on a website check to make sure it is using SSL, the standard in secure transactions that shows up in several ways. You should be able to see https or shttp in front of the web address instead of http. There may also be a lock or key symbol in the browser window as well. Using SSL encrypts the exchange of information, such as your credit card, so eavesdroppers cannot read it. When in doubt, a quick search in Google for the word “scam” or “fraud” along with the site name should tell you if that site has a history of problems.
5. Think before you act: Watch out for urgent deals that arrive in unsolicited email or purport to be from friends on social networking sites. If you think the deal is real, open a browser and type the name of the website directly into the address bar. This will keep you from getting swept away by scam links to fake websites.
To take a look at the rest of the 10 tips for safer holiday shopping online, you can visit ESET’s Blog “Cyber Monday Safety: 10 tips for safer holiday shopping online”.
Speaking of threats, every month ESET compiles a statistic based on its Live Grid® feature -
ESET’s cloud-based malware collection system utilizing data from users of ESET solutions worldwide. Every month for the last several months, removable media malware has topped the stats and November was no exception. INF/Autorun threat was first in the world: 4.38% overall and 3.66% in Europe. INF/Autorun is a label that describes a variety of malware exploiting the autorun.inf file as a way to compromise a computer. Win32/Conficker, which holds steady in the threat stats, has slowed spreading, appearing in the fifth position both in global (2.20%) and European (1.76%) chart. Win32/Dorkbot is moving up steadily, now appearing as number two threat globally for November with a slightly higher infection rate than the previous month (3.43%). This malware spread via removable media contains a backdoor that allows it to be controlled remotely. The worm collects login user names and passwords when the unsuspecting user browses certain web sites. Then, it sends all the gathered information to a remote machine.
Global Threats According to ESET Live Grid® Statistics (November 2011)
Threats in Europe According to ESET Live Grid® Statistics (November 2011)
About Live Grid®
Live Grid® is ESET’s cloud-based malware collection system utilizing data from users of ESET solutions worldwide. This continual streaming of information provides ESET Malware Lab specialists with real-time accurate snapshot of the nature and scope of global infiltrations. Careful analysis of the threats, attack vectors and patterns serves ESET to fine-tune all heuristic and signature updates to protect its users against tomorrow’s threats.
About ESET
Founded in 1992, ESET is a global provider of security solutions for businesses and consumers. The Company pioneered, and continues to lead, the industry in proactive threat detection. ESET NOD32 Antivirus holds the world record for the number of Virus Bulletin "VB100” Awards, and has never missed a single “In-the-Wild” worm or virus since the inception of testing in 1998. ESET NOD32 Antivirus, ESET Smart Security and ESET Cybersecurity for Mac are trusted by millions of global users and are among the most recommended security solutions in the world.
The Company has global headquarters in Bratislava (Slovakia), with regional distribution centers in San Diego (U.S.), Buenos Aires (Argentina), and Singapore. ESET has malware research centers in Bratislava, San Diego, Buenos Aires, Prague (Czech Republic), Krakow (Poland), Montreal (Canada), Moscow (Russia), and an extensive partner network for 180 countries.