June Threats: Conficker Remains Active; New Trojan in Top 10

Next story
  • Conficker once again top threat
  • TrojanDownloader.Bredolab.AA, new on the global scale, ranks No. 1 in Czechia and Slovakia
  • Mixture of trojans attacking online gamers still abundant

The regular monthly report ranking the spread of PC infiltrations for the month of June has confirmed the high levels of occurrence of the Conficker worm, as well as a mixture of infiltrations propagating via exchangeable (USB) media. The ESET ThreatSense.Net portal has evaluated Win32/Conficker, with a share of 11,08%, as the most widespread threat. INF/Autorun placed second, with a global share of 8,33%.

As compared to the previous month, there have been no changes in the top 5 slots, where the third spot is occupied by Win32/PSW.OnLineGames (8,24%), Win32/Agent (2,55%) placed fourth and INF/Conficker 5th with 2,10%.

Win32/TrojanDownloader.Bredolab.AA is a newcomer on the list of infiltrations with a negligible share of just 0,70%. Its specialty is inserting itself into the PC running processes, aiming to disable those processes affecting security. It has the capability to copy itself into the system files and executing itself with every boot-up. At the same time, it establishes communication with a remote server via HTTP protocol, its only mission to download malware into the infected PC.


In terms of the spread of malware in the region of EMEA, there were no significant changes in the month of June as compared to the previous month. Win32/Conficker continues to occupy top positions in Eastern Europe, however, it dominates the threat landscape in Western Europe, namely in Italy and Germany.

Win32/PSW.OnLineGames has been the prevalent threat of several months in Poland with 13,39% occurrence in the month of June. This variety of malware, predominantly composed of trojans attacking online gamers also ranks number one in France with a share of 12,07%. INF/Autorun remains top threat in Ireland (8,88%), United Kingdom (7,04%), Lithuania (5,75%) and Israel (5,68%).

Throughout the month of June, Slovakia and Czech Republic shared a number one PC threat - Win32/TrojanDownloader.Bredolab.AA, reaching 7,22% in the latter (on the rise from 3,68% in May) and 6,43% in the former (an increase from 3,60% the month before). Other countries within the region are reporting Win32/Conficker as the most widespread infiltration, registering significant share in Ukraine (27,16%), Russia (20,43%), South Africa (16,60%), Bulgaria (12,02), Romania (11,36%), Italy (6,83%), Hungary (5,48%) and Germany (4,16%).

Slovenia is among the exceptions from the regional malware trends, with a prevalence of Win32/Qhost (3,78%), a mixture of trojans capable of carrying out MITM (man-in-the-middle) attacks by a way of re-routing DNS requests to the attacker‘s server. The attacker can thus intercept a portion of the communication occurring on the victim’s PC. WMA/TrojanDownloader.GetCodec was a dominant threat in Estonia (8,83%), Belgium (15,06%) and Holland (15,31%).

Global threats according to ESET ThreatSense.Net® (June 2009)

About ESET

Founded in 1992, ESET is a global provider of security solutions forenterprises and consumers. ESET is a market leader in proactivedetection of malware. Thanks to its ThreatSense.Net® technology, it isable to collect data on a volunteer basis from users all around theworld, allowing it to react flexibly to emerging threats. It‘s ESETNOD32 Antivirus has been ranked by the independent AV-Comparativestesting lab as the best antivirus product worldwide (2006, 2007). ESEThas offices in Bratislava, SK; San Diego, USA; Prague, Czech Republic;Buenos Aires, Argentina; and has an extensive partner network in 160countries. In 2008, ESET has opened a new research center in Krakow,Poland. ESET was named to Deloitte’s Technology Fast 500 one of thefastest-growing technology companies in the region of Europe, MiddleEast and Africa.

About ThreatSense.Net®

ThreatSense.Net® collects anonymous statistical information packets about the types of infiltrations detected on the users' workstations. Thanks to this information, the ESET Virus Lab has access to real-time accurate and relevant information about the most wide-spread infiltrations. The infiltrations detected by the heuristic analysis are then tabulated, with the update against malware issued before it can spread or mutate into a different variant.