March 2010: Malware that change settings for Internet Browsers Among Top Threats

Next story

The March ranking of global computer threats is topped, once again, by Win32/Conficker. However, there have been some shifts in the top 10, with new malware types ̶ afflicting especially computers in Eastern Europe and China.

The overall share of infections by Conficker has risen month-to-month, reaching 10.32% of all threats detected on the computers of users of ESET security solutions ̶ ESET Smart Security and ESET NOD32 Antivirus. The results were tabulated by ThreatSense.Net, ESET’s malware data-collection system and represents malware’s global proliferation.

Ranked second on the malware list was INF/Autorun, with a share of 8.42%, which is a month-to-month decrease of 5.15%. This label refers predominantly to Trojans devised for stealing information and artifacts from online games, such as Lineage and World of Warcraft.

A malicious code using Autoit scripting language – Win32/Tifaut  has for the first time made the top ten list globally as the most widespread type of malware, placing 6th with a share of 1.49%. This malware spreads between computers by copying itself to removable storage devices and by creating an Autorun.inf file to start automatically. Moreover, the autorun.inf file is generated with junk comments to make it harder to identify by security solutions. This malware was created to steal information from infected computers.

Ranked 7th in the month of March is a threat that ESET labels as VBS/StartPage, reaching a global share of 1.22%.
VBS/StartPage is a detection applied to various examples of malware that change settings for Internet Browsers (usually Internet Explorer) and redirect the starting page to advertisement websites.  These threats can also create icons on an infected PC's Desktop with links to advertisements.  VBS/StartPage is very prevalent in Asia and especially in China, if this threat is detected on a computer, it might be an indication that other threats might have infected this system.

ESET ThreatSense.Net® (March 2010)



Regionally, throughout March, the threats copied the global trend. Thus, Win32/Conficker remained No. 1 threat in the region. In the U.K, its share was 7.92%;  in Germany 10.09%; Finland 9.65%; Czech Republic 4.82%; Hungary 5.15%; Russia 13.84%; Ukraine 19.68%; Latvia 5.90%; United Arab Emirates 9.93%; and Serbia 9.78%.

Similarly to Conficker, another mixture of Trojans exploiting the Windows autorun.inf function ranked among the dominant threats in the EMEA region. INF/Aurorun ranked No. 1 in Slovakia with a share of 7.48%; reached 8.95% in France; appeared in Israel with 5.80%; Republic of South Africa with 11.88%; Latvia (6.68%), and Austria (4.99%).

Belgium and Estonia are among the regional exceptions, where Win32/Injector was the most widespread malware. This label denotes variants of password and other sensitive information-stealing Trojans from an infected computer. Win32/Skintrim with a share of 10.43% has ranked No. 1 in Italy. It denotes a family of Trojans specializing in the download and execution of random files. 

Scandinavian countries have been afflicted by a high share of Win32/Agent, which is the most widespread threat in Denmark (4.27%); ranked No. 3 in Sweden (3.87%) and Norway (2.74%); and reached No. 4 in Finland (3.83%). ň

Aside from the 'Agent' family of threats, Win32/Lethic.AA also accounts for a high share of computer threats in northern Europe. This Trojan takes instructions for its activities from the Internet or a remote computer. The malware is designed to turn the infected computer into a powerful bot for sending out unsolicited e-mail.

Win32/Lethic.AA is the No. 1 threat in Norway (3.32%) and the 4th most often detected threat in Sweden (3.67%) and Denmark (2.23%).

About ESET 

Founded in 1992, ESET is a global provider of security solutions for the home and business segment. The industry leader in proactive malware detection, ESET's NOD32 antivirus holds the world record for the number of Virus Bulletin "VB100 Awards," never to have missed a single “In-the-Wild” worm or virus since the inception of testing in 1998.
ESET has headquarters in Bratislava, Slovakia and offices in San Diego, USA; Buenos Aires, Argentina; Prague, Czech Republic, and an extensive partner network in 160 countries. In 2008, ESET has opened a new research center in Krakow, Poland. ESET was named by Deloitte’s Technology Fast 500 as one of the fastest-growing technology companies in the region of Europe, Middle East and Africa.
ThreatSense.Net® is ESET’s in-the-cloud malware collection system utilizing data from users of ESET solutions worldwide.  This continual streaming of information provides ESET Virus Lab specialists with a real-time accurate snapshot of the nature and scope of global infiltrations. Careful analysis of the threats, attack vectors and patterns serves ESET to fine-tune all heuristic and signature updates  ̶  to protect its users against tomorrow’s threats.