September Threats: PDF Trojan Appears on Mac OS X; Removable Media Malware Leads the Stats


For the month of September, INF/Autorun once again held its position as the malware frontrunner, with a 6.49% infection rate globally and a 5.42% infection rate in Europe. Second was Win32/Conficker with a 3.65% infection share worldwide, which also makes it the number three malware in Europe with 3.40%.

Statistics are based on data from ESET Live Grid, a cloud-based reputation technology that uses malware-related data from users of ESET solutions worldwide. Cloud-based reputation is one more method used by the fifth generation of ESET products to improve detection power. The result is enhanced precision in detecting threats and faster scanning.

INF/Autorun is a label that describes a variety of malware exploiting the autorun.inf file as a way to compromise a computer. This file contains information on programs meant to run automatically when removable media (often a USB flash drive) is accessed by a Windows PC user.

Win32/Conficker is a network worm originally propagated by exploiting a vulnerability in the Windows operating system. Depending on the variant, it may also spread via unsecured shared folders and by removable media, making use of the Autorun facility enabled by default in older Windows versions (though not in Windows 7).

Win32/Dorkbot has appeared in the statistics only for the last few months, but it has moved up in position every time. With a 3.23% infection rate globally, it is now in third place. Latin America in particular is seeing an upsurge of this worm (10.14% rate in Latin America and the Caribbean). This malware is also known to spread via removable media and contains a backdoor that allows it to be controlled remotely. The worm collects login user names and passwords when the unsuspecting user browses certain web sites. Then, it sends all the gathered information to a remote machine.

Figure: Global Threats According to ESET Live Grid® Statistics (September 2011)

A new type of threat emerged in September: a trojan for Mac OS X aimed at the Chinese-language Macintosh user community. The trojan appears to the user to be a PDF document containing a Chinese-language article on the long-running dispute over the Diaoyu Islands. When the user opens the “PDF” file, it attempts to mask the installation of a malicious payload by opening an actual PDF document that directs the user’s attention to the story. Meanwhile, the malware completes installation of a payload designed to give the attacker remote access to the victim’s computer. This type of PDF exploit is common on Windows, where it is often seen as .pdf.exe double-extension files. However, this type of attack is new to the Mac platform.

Some best practices to reduce the risk of infection:

  • Never open file attachments in email that you did not expect to receive without first confirming the file was actually sent to you by the sender you trust.
  • When downloading files online, don’t trust sites that are not reputable outlets for content.
  • Run antivirus/Internet security software on all your devices.
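
As an added illustration of the two delivery mechanisms described above (this is not ESET's code or detection logic): a small Python audit that lists the programs an autorun.inf on removable media asks Windows to launch and flags document-looking file names that end in an executable extension. The sample file contents, sample file names and the extension lists are constructed assumptions.

```python
import re

# [autorun] keys that name a program to launch when the media is accessed.
EXEC_KEYS = ("open", "shellexecute")
# Context-menu verbs, e.g. shell\open\command=..., also launch a program.
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)
# A document-style extension followed by an executable one (assumed lists).
DOUBLE_EXT = re.compile(
    r"\.(pdf|docx?|xlsx?|jpe?g|png|txt)\.(exe|scr|com|pif|bat|cmd)$",
    re.IGNORECASE)


def autorun_commands(text):
    """Return (key, command) pairs that an autorun.inf asks Windows to run."""
    in_autorun, found = False, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:            # junk lines are ignored
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() in EXEC_KEYS or SHELL_CMD.match(key):
                found.append((key.lower(), value))
    return found


def double_extension_files(names):
    """Return file names that look like documents but are executables."""
    return [name for name in names if DOUBLE_EXT.search(name)]


# Constructed sample input, not taken from a real infection.
SAMPLE_INF = """\
[AutoRun]
; constructed sample
open=recycler\\svc.exe
icon=shell32.dll,4
action=Open folder to view files
shell\\open\\command=recycler\\svc.exe
"""
SAMPLE_FILES = ["report.pdf", "invoice.pdf.exe", "photo.JPG.scr", "setup.exe"]

if __name__ == "__main__":
    for key, command in autorun_commands(SAMPLE_INF):
        print(f"autorun.inf launches via {key}: {command}")
    for name in double_extension_files(SAMPLE_FILES):
        print(f"double extension: {name}")
```
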

EUROPE, MIDDLE EAST, AFRICA (EMEA)

INF/Autorun is a mainstay when it comes to malware and appears in the top position in the European threat statistics. It also ranks as the most widespread malware in several European, African and Middle Eastern countries, including South Africa (10.15%), Ukraine (5.47%), Israel (3.70%) and Spain (3.70%). Win32/Autoit, on the other hand, is number one in Turkey (13.30%). Win32/Conficker was yet again the fastest spreading malicious code in Bulgaria (6.53%), while Win32/Dorkbot appears in the top five in several European countries, including Ukraine (2.50%).

Figure: Threats in Europe According to ESET Live Grid® Statistics (September 2011)

About Live Grid®

Live Grid® is ESET’s cloud-based malware collection system utilizing data from users of ESET solutions worldwide. This continual stream of information provides ESET Malware Lab specialists with a real-time, accurate snapshot of the nature and scope of global infiltrations. Careful analysis of the threats, attack vectors and patterns helps ESET fine-tune all heuristic and signature updates to protect its users against tomorrow’s threats.


About ESET

Founded in 1992, ESET is a global provider of security solutions for businesses and consumers. The Company pioneered, and continues to lead, the industry in proactive threat detection. ESET NOD32 Antivirus holds the world record for the number of Virus Bulletin “VB100” Awards, and has never missed a single “In-the-Wild” worm or virus since the inception of testing in 1998. ESET NOD32 Antivirus, ESET Smart Security and ESET Cybersecurity for Mac are trusted by millions of global users and are among the most recommended security solutions in the world.

The Company has global headquarters in Bratislava (Slovakia), with regional distribution headquarters in San Diego (U.S.), Buenos Aires (Argentina), and Singapore. ESET has malware research centers in Bratislava, San Diego, Buenos Aires, Prague (Czech Republic), Krakow (Poland), Montreal (Canada), Moscow (Russia), and an extensive partner network in 180 countries.