Media trojan dominates WesternEurope, whereas dangerous Conficker threatens its eastern part
Analysisof ESET's ThreatSense.Net®, a sophisticated malware reporting and trackingsystem, shows that the highest number of detections in January, with almost9.71% of the total, was once again registered by the INF/Autorun class ofthreat. We have been detecting very high volumes of malware using the WindowsAutorun facility for well over a year, along with gaming password-stealingmalware, which again takes second place. Password stealers are still being seenin very high numbers, and shouldn't be perceived as in decline. INF/Autorun is actually a verybroad class of malware, since many kinds of malicious program use this approachto infection.
Win32/PSW.OnLineGames (No.2 in the Globalreport) targeting users in France(8,02%), Spain (6,31%), Turkey (10,24%) it belongs within a family of trojanswith keylogging and occasionally rootkit capabilities. This particular versionhas been written to gather information relating to online games and gamers'personal data. Whenexecuted, the trojan copies itself into the root folders of fixed and/or removabledrives giving the perpetrators the ability to remotelytake over accounts in order to steal points and virtual treasure, and oftenturn these for profit.
Win32/Conficker.AA (No.3 in the Global report) is a worm that has been infecting workstations in Eastern Europe -Ukraine (10, 68%), Russia (6, 40%) and spreads via shared folders and removablemedia. It connects to remote machines in an attempt to exploit the ServerService vulnerability.
WMA/TrojanDownloader.GetCodec.Genappearspredominantly in smaller Western European countries - Austria (6,35%), Belgium (13,89%),Netherlands (15,32%), Switzerland(8,34%), the Nordics -Denmark (10,62%),Norway(11,05%), as well as some CEE countries - Estonia(11,62%), Hungary(5,29%). This malware converts all audio files foundon a computer to the WMA format, adding a field to the header that includes aURL, and points the user to a new codec, claiming that it has to be downloadedfor the media file to be read.
Win32/Toolbar.MyWebSearch affecting countriesranging from the British Isles - Ireland (8,46%), U.K (7,49%) to Baltics - Latvia(5,20%), Lithuania(6,38%)to SE Europe - Romania(5,28%) to the Middle East - Israel (6,20%). It is a Potentially UnwantedApplication (PUA) in the form of a toolbar which includes a search function,routing searches through MyWebSearch.com website.
Win32/Adware.Virtumonde afflicting countriesin Western Europe - Germany (5, 55%), Italy (5, 82%), Northern Europe - Sweden(8, 03%), SE Europe - Croatia (5, 92%), Slovenia (6, 29%). This maliciousapplication in the form of a trojan serves to deliver advertisements to users'PCs. Among other actions, Virtumonde may open multiple windows while running,which contain unwanted advertising material
INF/Autorun occurring in CzechRepublic (7,05%), South Africa (6,15%), Portugal (5,79%), Slovakia (4,98%) - belongs within a generic family of threats, which use Autorun.inffiles to automatically launch backdoors, trojans, and trojan downloaders whenthe user accesses certain files or folders.
Win32/Patched.BU is a geographically isolated malware targeting users in Bulgaria(9,05%). The Win32/Patched detectionlabel is applied to legitimate system files that have been modified by malware.The modification's objective is to load a malicious file at the same time as the modified fileis loaded into memory. The Patched.BU threat doesn't contain any code in itselfthat can be described as overtly malicious but is used to launch a program thatis undoubtedly malicious.
ESET ThreatSense.Net® Global Threats (January 2009)
