February 8, 2010 | Bratislava | Press Releases

Conficker is the top threat in Europe, together with the Ursnif spyware application and an infected-website trojan

Analysis of ESET’s ThreatSense.Net®, a sophisticated malware reporting and tracking system, shows that the highest number of detections this month, with almost 9.90% of the total, was scored by the Win32/Conficker class of threat. INF/Autorun scored second with 7.37% of all detections in January, and its share has been slowly decreasing for the third month in a row.

Win32/PSW.OnLineGames scored third with a 6.23% share. This is a family of Trojans used in phishing attacks aimed specifically at game players: this type of Trojan comes with keylogging and (sometimes) rootkit capabilities, which gather information relating to online games and the credentials for participating. Characteristically, the information is sent to a remote intruder’s PC. There are two newcomers to the ThreatSense.Net ranking in January.

JS/TrojanDownloader.Agent (0.90%), in 8th place, is a trojan that normally runs from a malicious website. It downloads additional files to an infected computer and executes them without the user’s knowledge or consent. The trojan hides its window from the user when it is running. This kind of malware runs as part of the download and installation phase for a range of malware. General advice for users is to turn off JavaScript. Firefox users can use the NoScript extension to reduce the risk of infection from visiting infected websites. Web admins, where applicable, might want to limit FTP access to their servers to computers from their own country, which might reduce the number of attack attempts.

The 10th most widespread malware in January is Win32/Packed.Autoit (0.69%). This is a heuristic detection that refers to malware created using the Autoit scripting language.

Global Threats in January 2010 according to ESET ThreatSense.Net®


Win32/Conficker is the top threat in the region. The Win32/Conficker threat is a network worm originally propagated by exploiting a recent vulnerability in the Windows operating system. This vulnerability is present in the RPC sub-system and can be remotely exploited by an attacker without valid user credentials. Depending on the variant, it may also spread via unsecured shared folders and by removable media.

Conficker dominates in Ukraine (24.95%), South Africa (15.77%), Bulgaria (15.37%), Romania (14.53%), Russian Federation (14.44%), Italy (9.84%), Spain (9.31%), United Kingdom (8.49%), Serbia (8.36%), Germany (7.73%), Finland (7.24%), Hungary (6.88%), Austria (6.02%), Czech Republic (4.59%) and Slovenia (4.14%).

JS/TrojanDownloader.Agent isn't the topmost threat, but it ranks high in many countries, such as Romania (4.43%), Hungary (4.25%), Turkey (3.33%), Netherlands (2.70%), Slovakia (2.47%), Switzerland (1.87%), France (1.84%), Poland (1.63%), Israel (1.59%) and Croatia (1.37%).

The spyware application labeled Win32/Spy.Ursnif.A spreads mostly in Eastern Europe. This label describes a spyware application that steals information from an infected PC and sends it to a remote location, creating a hidden user account in order to allow communication over Remote Desktop connections. Its share is 5.29% in Belarus, 5.17% in Russia, 0.96% in Ukraine and Kazakhstan, and 0.52% in Turkey.

Win32/PSW.OnLineGames is the No. 1 threat in Poland (16.30%) and Slovakia (8.30%). INF/Autorun was the most detected malware on computers in the United Arab Emirates (8.30%), Israel (5.19%) and Lithuania (4.90%). Sweden had Win32/Patched ranked in first place with 13.74%. This detection covers a wide variety of infiltrations which modify system files in order to ensure their automatic launch. Default Windows applications such as notepad, calc, narrator, telnet or diskdefrag are usually modified as well.

About ESET

Founded in 1992, ESET is a global provider of security solutions for enterprises and consumers. ESET is a market leader in proactive detection of malware. Thanks to its ThreatSense.Net® technology, it is able to collect data on a volunteer basis from users all around the world, allowing it to react flexibly to emerging threats. Its ESET NOD32 Antivirus has been ranked by the independent AV-Comparatives testing lab as the best antivirus product worldwide (2006, 2007). ESET has offices in Bratislava, SK; Buenos Aires, AR; San Diego, USA; and has an extensive partner network in 160 countries. In 2008, ESET opened a new research center in Krakow, Poland. ESET was named to Deloitte’s Technology Fast 500 as one of the fastest-growing technology companies in the region of Europe, Middle East and Africa.

ThreatSense.Net® collects anonymous statistical information packets about the types of infiltrations detected on users' workstations. Thanks to this information, the ESET Virus Lab has access to real-time, accurate and relevant information about the most widespread infiltrations. The infiltrations detected by the heuristic analysis are then tabulated, with the update against malware issued before it can spread or mutate into a different variant.