PC Threats in August: Conficker on the Decline; Downloaders on the Rise

Next story
  • Decline of Conficker in Eastern Europe
  • Slovakia, Czech Republic threatened by Win32/TrojanDownloader.Bredolab
  • After a respite, strong presence of Koobface worm in Northern Europe

For the month of August, Win32/Conficker is the most wide-spread threat globally with a share of 8.56%. Compared to the month prior, Conficker has registered a slight decrease of 2 percent on average, while on the country-by-country level this has been even more pronounced.

In contrast to Conficker’s decline, a stronger global position has been claimed by a mixture of threats – predominantly online gaming trojans Win32/PSW.OnLineGames (with 8.28%). Ranked third, we still continue to see a host of trojans exploiting the autorun.inf function - INF/Autorun (7.80%). Fourth position (with 3.57%) in global threat report belongs to a variants of the Agent family comprising malicious code with data-stealing capability. The top five is completed by INF/Conficker related to INF/Autorun in that it uses this function for the Conficker's propagation.

Based on the statistical data collected by ESET ThreatSense.Net, top ten threats for the month of August includes also Win32/TrojanDownloader.Swizzor (1.39%) and Win32/TrojanDownloader.Bredolab (0.89%). Both of these forms of malware were written for the purpose of downloading and installing additional malware into an infected computer.

Global threats based on ESET ThreatSense.Net® data (August 2009)



Win32/TrojanDownloader.Bredolab remains top threat for the month of August as was the case for the preceding month. The infection rates are at 7.06% and 5.25% in the Czech Republic and Slovakia, respectively. Bredolab remains a top-ranking malware infiltrating computers in Latvia (3.80%).

In contrast, the variants of the Conficker worm are most widespread predominantly in the Ukraine (25.59%), Russia (17.38%), Bulgaria (13.48%), Romania (12.77%), but also in South Africa (9.50%), Great Britain (5.87%) and Austria (4.55%).

On the threat landscape, Poland is dominated by Trojans Win32/PSW.OnLineGames attacking online gamers with a share of 13.59%. Similar situation is in France (10.07%), Turkey (13.7%) and the United Arab Emirates (7.61%), which find themselves under the threat of online gaming trojans.

In the Scandinavian countries, Win32/Agent is among the most widespread computer threats, registering a 3.78% and 3.49% occurrence rate in Denmark and Sweden, respectively. Moreover, the Scandinavian countries continue to have a high exposure to the Koobface worm targeting users of social networks such as Facebook and MySpace. In Denmark, this form of malware is among top three on the list of threats with a share of 2.59%, while in Iceland, it placed within the top 5 (1.94%), and within the top 10 in Norway and Sweden.

About ESET

Founded in 1992, ESET is a global provider of security solutions for corporate customers and households. From a small family-sized venture, ESET has evolved into a leader in proactive malware detection and is in the front lines of combating emerging cyberthreats. Its flagship solutions - ESET NOD32 Antivirus and ESET Smart Security, built on the award-winning ThreatSense® engine are trusted by millions of users to protect their computers against a host of Internet-borne malware, such as viruses, trojans, worms, adware, spyware, phishing, rootkits. ESET has headquarters in Bratislava, Slovakia with branch offices in Prague, Czech Republic; San Diego, USA; and Buenos Aires, Argentina. ESET‘s security solutions are available in more than 160 countries worldwide. In 2008, ESET opened its new development center in Krakow, Poland and was ranked by Deloitte Technology Fast 500 as one of the fastest growing technology companies in the EMEA region.

ThreatSense.Net® collects anonymous statistical information packets about the types of infiltrations detected on the users' workstations. Thanks to this information, the ESET Virus Lab has access to real-time accurate and relevant information about the most wide-spread infiltrations. The infiltrations detected by the heuristic analysis are then tabulated, with the update against malware issued before it can spread or mutate into a different variant.