Global Threat Trends - December 2007

Next story

During the month of December, close to [or is that more than?] 4.88% of all threat detections were flagged as INF/Autorun. This detection label is used to describe a variety of malware using the file autorun.inf as a way of compromising a PC. This file contains information on programs to run automatically when removable media (often USB memory sticks) are inserted into a computer, and NOD32 identifies malware that installs or modifies autorun.inf files as INF/Autorun.

Second in the ranking for December, we find Win32/Obfuscated.A1 reaching 4.57% of detections. This label is used by ESET NOD32 to identify malicious software that uses code obfuscation to hide its functionality, using techniques such as packing, polymorphism and junk code injection.

Win32/Adware.Virtumonde accounted for around 3.67 % of detections. This “potentially unwanted” application is used to deliver advertisements to users’ PCs.

Adware/Ezula accounted for 2.32 % of detections. The installation of this unwanted software is completely silent, giving no warning or information on what is being installed. Once installed, this program downloads and executes additional software components from a website currently located in the Philippines. In addition, it keeps tracks of search keywords entered by users, and intermittently adds advertised links to web pages viewed on infected systems.

During the month of December, Agent.NDP, which in November was ranked first, accounted for 1.81% of all detections.. NOD32 identifies it as Win32/PSW.Agent.NDP, a Trojan able to steal passwords from several sources and to send the information to a remote attacker. This tool is commonly used in identity theft scams and other malicious activities.