Top Threat in August 2010: INF/Autorun

Next story

Keen observers may notice that the top ten threat ranking by ESET which has become fairly static, even predictable, has changed this month. This is partly due to ESET Virus Lab  introducing some changes in the process of malware data collection which affects the way in which automated signatures are named. This change will enable us to identify reported threats more precisely and deal with customer support issues even more effectively. We've also taken the opportunity to optimize the implementation of ThreatSense.Net® data reporting and introduced a  finer-grained categorization of statistical  data with the aim of, making its  interpretation easier and more accurate.

Analysis of ESET’s ThreatSense.Net®, a sophisticated malware reporting and tracking system, shows that the highest number of detections for the month of August, with almost 7.76% of the total, was scored by the INF/Autorun class of malware. ESET uses this detection label to describe a variety of malware using the file autorun.inf as a way of compromising a PC. This file contains information on programs meant to run automatically when removable media, like USB flash drives  are accessed by a Windows PC user. ESET security software heuristically identifies malware that installs or modifies autorun.inf files as INF/Autorun unless it is identified as a member of a specific malware family.
Ranked second on the malware list was Win32/Conficker, with a share of 4.89%, followed by Win32/PSW.OnLineGames ranked third (3.82%)

A malicious code using Autoit scripting language – Win32/Tifaut  created to steal information from infected computers placed in the fourth place with a share of 2.56% of all detections. This malware spreads between computers by copying itself to removable storage devices and by creating an Autorun.inf file to execute  automatically. Moreover, the autorun.inf file is generated with junk comments to make it harder to identify by security solutions.

INF/Conficker (infection rate of 1.61%), which is related to the INF/Autorun detection is a version of the file autorun.inf malware used to spread latter variants of the Conficker worm.

Global threats according to ESET ThreatSense.Net® (August 2010)



INF/Autorun was the top-ranking threat in the region of EMEA in August 2010,  scoring 10.48% in the Republic of South Africa, 5.66% in Israel, 5.5% in Russia, 3.58% in Austria and 3.45% in Slovakia.
ESET analysis shows that Win32/TrojanDownloader.Bredolab (3.5%) was most prevalent malware detected on the computers of ESET users in Czech Republic. This Trojan is designed to establish a clandestine connection to different domains through instructions embedded in its code,  allowing it to automatically download and execute other pieces of malware on the computer it infects. Bredolab variants are responsible for downloading a wide range of other malicious programs with different payloads and secondary infection mechanisms. This malware ranked second in Austria with a share of 2.36%, and third in Denmark with 1.49% overall infection share.

Win32/Agent is the top threat in Germany (8.08%), Sweden (5.14%) and Norway (2.16%), while Win32/Conficker remains the No.1 threat in Ukraine (6.98%) and the United Arab Emirates (3.83%).

About ThreatSense.Net®
ThreatSense.Net® is ESET’s in-the-cloud malware collection system utilizing data from users of ESET solutions worldwide.  This continual streaming of information provides ESET Virus Lab specialists with a real-time accurate snapshot of the nature and scope of global infiltrations. Careful analysis of the threats, attack vectors and patterns serves ESET to fine-tune all heuristic and signature updates   ̶ to protect its users against tomorrow’s threats.

About ESET

Founded in 1992, ESET is a global provider of security solutions for the home and business segment. The industry leader in proactive malware detection, ESET NOD32 Antivirus holds the world record for the number of Virus Bulletin "VB100 Awards," never to have missed a single “In-the-Wild” worm or virus since the inception of testing in 1998.
ESET has headquarters in Bratislava, Slovakia and offices in San Diego, USA; Buenos Aires, Argentina; Prague, Czech Republic; Singapore and an extensive partner network in 180 countries. In 2008, ESET has opened a new research center in Krakow, Poland. ESET was named by Deloitte’s Technology Fast 500 as one of the fastest-growing technology companies in the region of Europe, Middle East and Africa.