Win32/Conficker – Threat Exploiting Windows Vulnerability a Top Threat in July

Next story

Win32/Conficker worm is a present-day most widespread computer threat. The multitude of this malware’s variants have reached a global share of 12,47% of all detected threats on computers of millions of users of ESET Smart Security and ESET NOD32 Antivirus. Conficker worm was programmed to spread not only via the Internet, using an earlier Windows vulnerability, but also to spread via exchangeable media. After embedding itself in the computer, it can receive instructions remotely and making it suitable to become a part of a spamming botnet, as well as for dissemination of other types of computer threats.

The second most-widespread computer threat also uses exchangeable media for its propagation – a mix of trojans exploiting the Windows autorun function. Throughout the month of July, INF/Autorun has reached a share of 5,90% of all threats globally. Month-to-month Win32/Agent has also increased its share, reaching 3,65%, making it the No. 3 global threat. The variants of this trojan family are devised to steal sensitive information from infected computers.

The newcomers on the July threat landscape are Win32/Dursg.A, a trojan ranked 8th, predominantly afflicting computers in Turkey, with a global share of 1,14%. This trojan, probably of Russian origin redirects results of online search engines to web sites that contain adware. The malicious file is obfuscated using UPX run-time compression. The malware modifies information in popular browsers including Internet Explorer, Google Chrome, Mozilla Firefox and Opera relating to well known search engines and other services including Google, Yahoo, MSN, Bing and YouTube, so as to divert user searches to adware-hosting sites when one of a wide range of commonly used keywords is entered.

Placing tenth on ESET’s malware stats is Win32/Oficla.GN, a member of a trojan family downloading additional malware from the Internet  into a computer it infects. With a global share of 0,80%, in countries like the Czech Republic, Austria, Germany, the Netherlands or Norway, it is one of top 3 infiltrations.

Global threats according to ESET ThreatSense.Net® (July 2010)



Win32/Conficker is a clear malware leader in the EMEA region. Not only is it the No. 1 threat in almost each country in the region, in some countries it has reached unusually high infection rates in July – more than 25% in Slovenia, Ireland and Belgium. It has also accounted for more than 10% of malware incidents in Russia, Ukraine, SAR, Egypt, Finland, Romania, Germany and Spain. In the Czech Republic, the Conficker worm scored 9.55% of the total, and Slovakia reports an infection share of 6.15%. Conficker tops the threat ranking also in Poland (8.88%), which used to be the domain of stealers of online-game credentials.

However, there are countries where Win32/Conficker is not present among the top three computer threats: users in Sweden were troubled by a threat dubbed Win32/Patched (11.76%), Estonia was dodging attacks of the members of the Win32/Agent family (5.42%). Agent variants were top threats also in Denmark (7.47%), Netherlands (5.12%), and Norway (6%).

Perhaps it was the high market share of ESET security solutions and ESET users in Turkey that has pushed Win32/Dursg.A into the global Top Ten. This trojan has become the most frequently occurring threat in the country, accounting for 9.71% of all malware detections. Win32/Oficla.GN can be found among the top three threats in the Czech Republic (7.07%), Austria (7.72%), Denmark (5.62%), Germany (4.30%), and Norway (3.10%).



About ThreatSense.Net®
ThreatSense.Net® is ESET’s in-the-cloud malware collection system utilizing data from users of ESET solutions worldwide.  This continual streaming of information provides ESET Virus Lab specialists with a real-time accurate snapshot of the nature and scope of global infiltrations. Careful analysis of the threats, attack vectors and patterns serves ESET to fine-tune all heuristic and signature updates   ̶ to protect its users against tomorrow’s threats.

About ESET
Founded in 1992, ESET is a global provider of security solutions for the home and business segment. The industry leader in proactive malware detection, ESET's NOD32 antivirus holds the world record for the number of Virus Bulletin "VB100 Awards," never to have missed a single “In-the-Wild” worm or virus since the inception of testing in 1998.
ESET has headquarters in Bratislava, Slovakia and offices in San Diego, USA; Buenos Aires, Argentina; Prague, Czech Republic, and an extensive partner network in 160 countries. In 2008, ESET has opened a new research center in Krakow, Poland. ESET was named by Deloitte’s Technology Fast 500 as one of the fastest-growing technology companies in the region of Europe, Middle East and Africa.