May Threat Stats: More of Conficker and Some Regional Surprises

  • No major changes in the ranking of top threats

  • More threats exploiting "autorun.inf" and using exchangeable media

  • Win32/Conficker top threat already in Hungary, Italy 

  • Denmark with high occurrence of a worm attacking Facebook users

Analysis by ESET's ThreatSense.Net technology has revealed INF/Autorun to be the most frequently detected infiltration throughout May 2009. What's more, the mixture of threats that propagate via exchangeable media by exploiting the MS Windows autorun.inf function has reached 10,9% of all threats intercepted.

Second place was claimed by Win32/Conficker, which ranked number one the previous month, even though its share of detections increased. In May, variants of the Conficker worm accounted for 9,98% of total infiltrations. The share of Win32/PSW.OnLineGames malware variants, consisting mainly of trojans targeting the online gaming community, declined month-to-month, placing 3rd with 6,01%.

Win32/Agent, the ESET classification for malicious code capable of stealing information from an infected computer, ranked 4th in May with 2,88%. It is used for sending unwanted electronic communication. INF/Conficker, with a share of 1,80%, took the 5th slot in ESET's malware ranking. Its trademark malicious activity is the exploitation of autorun.inf to spread the latest variants of the Conficker worm.



There were no major changes in the distribution of infiltrations compared to previous months; however, ESET has captured some noteworthy findings.

In Poland, Win32/PSW.OnLineGames was again dominating the threat ranking, with 12,24%, while placing number one in Slovakia with 5,74%. Moreover, we have witnessed a trend of a high share of occurrence of data stealers targeting online games – especially in the United Arab Emirates (8,82%) and France (12,81%).

Similar to previous months, the threat that has dominated northern Europe – the so-called media trojan known as WMA/TrojanDownloader.GetCodec.Gen - has reached a share of 3,68% in Sweden; 5,84% in Denmark; and 9,07% in Norway.

What is interesting to note in northern Europe is the high occurrence of the worm Win32/Koobface in Denmark, where it was the 5th most frequent computer threat (2,08%). Outside Denmark, ThreatSense.Net® did not detect this form of malware in any significant number in any of the other EMEA countries. By itself not containing any malicious code, the worm and its variants exploit the Facebook community to propagate, with the capability to potentially download other infiltrations.

Across the countries of Eastern Europe, variants of Win32/Conficker have been top-ranking, with their share on the rise. In May, Finland reported an 11,49% occurrence; Russia 21,26%; Ukraine 24,18%; Bulgaria 10,71% and Romania 11,97%. Surprisingly, Conficker has become one of the top threats in Hungary with a share of 5,22%; Italy with 6,84%; Estonia with 5,62%; and South Africa with a share of upwards of 11,40%.

In May, users in Great Britain most frequently encountered Win32/Toolbar.MyWebSearch (6,20%), as did users in Latvia (4%). Trojans have continued to dominate the malware scene in the Czech Republic, especially threats that download and install infected components on the user's computer. Moreover, the malware variant Win32/TrojanDownloader.Bredolab.AA ranked among the top threats with a share of 3,68%. As was the case in April, INF/Autorun remained the number one threat in Lithuania, with a share of 6,32% of all detected malicious code targeting ESET users.

Global Threats According to ESET ThreatSense.Net® (May 2009)

About ESET

Founded in 1992, ESET is a global provider of security solutions for enterprises and consumers. ESET is a market leader in proactive detection of malware. Thanks to its ThreatSense.Net® technology, it is able to collect data on a volunteer basis from users all around the world, allowing it to react flexibly to emerging threats. Its ESET NOD32 Antivirus has been ranked by the independent AV-Comparatives testing lab as the best antivirus product worldwide (2006, 2007). ESET has offices in Bratislava, SK; San Diego, USA; Prague, Czech Republic; Buenos Aires, Argentina; and has an extensive partner network in 160 countries. In 2008, ESET opened a new research center in Krakow, Poland. ESET was named to Deloitte's Technology Fast 500 as one of the fastest-growing technology companies in the region of Europe, Middle East and Africa.

ThreatSense.Net® collects anonymous statistical information packets about the types of infiltrations detected on the users' workstations. Thanks to this information, the ESET Virus Lab has access to real-time accurate and relevant information about the most wide-spread infiltrations. The infiltrations detected by the heuristic analysis are then tabulated, with the update against malware issued before it can spread or mutate into a different variant.