January 8, 2010 | Bratislava | Press Releases

Top threats in December: Conficker, PDF Exploits and Spyware Application

<a target="_blank" href=24162</buxus-link>>Win32/Conficker was the topmost threat in the year of 2009 according to ESET ThreatSense.Net® with 9,85% share of all detected malware in December.

<a target="_blank" href=26071,""</buxus-link>>INF/Autorun again placed among the top threats in December 2009 with 7,58%. This detection label is used to describe a variety of malware using the file autorun.inf as a way of compromising a PC. This file contains information on programs meant to run automatically when removable media (USB flash drives and similar devices) are accessed by a Windows PC user. According to ESET the share of this mixture of trojans could be lower in 2010 when Windows 7 will become more popular among users ( containing more security features related to autorun.inf).

<a target="_blank" href=26615,""</buxus-link>>Win32/PSW.OnLineGames (7,16%) is still among the most spreading malware. This is a family of Trojans used in phishing attacks aimed specifically at game-players: this type of Trojan comes with keylogging and (sometimes) rootkit capabilities which gather information relating to online games and participant credentials. Characteristically, the information is sent to a remote PC operated by an intruder. <a target="_blank" href=25307,""</buxus-link>>Win32/Spy.Ursnif.A (0,56%) is a new addition to the threat chart in December. This label describes a spyware application that steals information from an infected PC and sends it to a remote location, creating a hidden user account in order to allow communication over Remote Desktop connections.


Global Threats in December 2009 according to ESET ThreatSense.Net®

<img align="middle" width="543" src=Pictures/ThreatSense_12_2009_New.JPG</buxus-image> height="296" /> 



Various variants of Conficker worm (<a target="_blank" href=22679,""</buxus-link>>Win32/Conficker.AA, <a target="_blank" href=24777,""</buxus-link>>Win32/Conficker.AL, <a target="_blank" href=24162,""</buxus-link>>Win32/Conficker.X, etc.) became the most detected piece of malware almost in all of European countries. This threat entered Top 3 in Slovakia (3,07%) while it wasn´t even in TOP 20 all year long. Conficker was also No.1 threat for the first time in Czech Republic (4,46%) and Spain (8,47%).

Win32/Conficker continued to be the top threat in Russia (17,13%), Bulgaria (15,35%), South Africa (14,92%), Romania (14,37%), Finland (13,64%), United Kingdom (9,98%), Germany (9,22%), Austria (7,70%) and Serbia (7,70%).

Win32/PSW.OnLineGames is the top threat in Poland (15,06%), Slovakia (9,92%), France (8,87%) and Latvia (7,03%), while Win32/Skintrim is the most spreading malware in Italy for the month of December with a share of 10,56%. It is a family of trojans that downloads and executes arbitrary files. In the wild, they have been observed downloading variants of the Win32/Wintrim Family.

Customers in Estonia were threatened by <a target="_blank" href=26807,""</buxus-link>>Win32/Peerfrag.EU (5,46%) - a variant of a worm spreading via exchangeable media and through P2P programs containing backdoor and capable of downloading other objects from a remote PC, carrying out DoS attacks or stealing sensitive data from the user’s PC.

 INF/Autorun was the biggest threat in United Arab Emirates (10,45%), Israel (4,98%) and Lithuania (4,42%).

JS/Exploit.Pdfka is one of the newest threats in ESET ThreatSense.Net rankings. As its name suggests, this piece of malware exploits vulnerabilities in the PDF format with relatively high occurancein Sweden (3,40%), Denmark (2,22%), Netherlands (0,90%) and Germany (0,77%).

As one of the top threats in the global ranking, <a target="_blank" href=25307,""</buxus-link>>Win32/Spy.Ursnif.A is spreading mostly in Belarus (5,60%), Russia (5,11%), Ukraine (0,94%) or Kazakstan (0,56%).


About ESET

Founded in 1992, ESET is a global provider of security solutions for enterprises and consumers. ESET is a market leader in proactive detection of malware. Thanks to its ThreatSense.Net® technology, it is able to collect data on a volunteer basis from users all around the world, allowing it to react flexibly to emerging threats. It‘s ESET NOD32 Antivirus has been ranked by the independent AV-Comparatives testing lab as the best antivirus product worldwide (2006, 2007). ESET has offices in Bratislava, SK; Buenos Aires, AR; San Diego, USA; and has an extensive partner network in 160 countries. In 2008, ESET has opened a new research center in Krakow, Poland. ESET was named to Deloitte’s Technology Fast 500 one of the fastest-growing technology companies in the region of Europe, Middle East and Africa.

ThreatSense.Net® collects anonymous statistical information packets about the types of infiltrations detected on the users' workstations. Thanks to this information, the ESET Virus Lab has access to real-time accurate and relevant information about the most wide-spread infiltrations. The infiltrations detected by the heuristic analysis are then tabulated, with the update against malware issued before it can spread or mutate into a different variant,