June 16, 2011 | Bratislava | Press Releases

Threats in May: Playstation Breach – Password Reset Attack Looming; INF/Autorun – Top-ranking Global and European Malware

INF/Autorun, according to the statistical information from ThreatSense.Net, yet again wins the spot of the top most ranked global threat in May 2011 with 6.58 percent of occurrence. The second most wide-spread malware globally turned to be, for several months now, Win32/Conficker with a 3.61 percent share, followed by yet another old-timer Win32/PSW.OnlineGames with 1.92%.

Last month in cyberspace, Sony PlayStation Network/Qriocity Service breach continued to hit the news with most of the users changing their passwords. Sony has not reported whether credit card details were breached, which has resulted in many people cancelling credit cards used in conjunction with their Sony accounts. “However, the insidious threat that many people may miss is the compromise of the answers to password reset questions. That was some of the data that was reportedly compromised in the breach, and has perpetual consequences if you do not change your security reset answers on other sites as well,” says Randy Abrams, Director of Technical Education at ESET.

The way the password reset attack works is that a hacker tries to log into users account. It may be an email account, a social networking account, a blogging account, or another type of online account. The hacker clicks the link for “I forgot my password” and is challenged with security questions. Having obtained the answers from the Sony data breach, the hacker knows the answers to the reset questions “He is then able to commandeer your accounts, depending on the mechanism that particular sites use in conjunction with the security challenge questions,” says Abrams.


Global Threats According to ESET ThreatSense.Net® (May 2011)


Based on ThreatSense.Net, ESET’s cloud-based malware collection system, INF/Autorun was listed as the top global threat in May. It is a label that describes a variety of malware using the autorun.inf file as a way to compromise a PC. This file contains information on programs meant to run automatically when removable media (often USB flash drives) are accessed by a Windows PC user. The Win32/Conficker is a network worm originally propagated by exploiting a recent vulnerability in the Windows operating system. Win32/PSW.OnLineGames represents a family of trojans used in phishing attacks aimed specifically at gamers: this type of trojan comes with keylogging and (sometimes) rootkit capabilities which gather information related to online games and credentials of participants.

On ESET`s threastcape top five, both in Europe and globally, is HTML/StartPage - a trojan which tries to promote certain websites by modifying the window’s registry. The program code of the malware is usually embedded in HTML pages. The aim of this malware is to change the website that is first opened when running Microsoft Internet Explorer (only affected browser). In this way, it promotes a specific website, increasing hits and consequently profit, for the site’s creator.



INF/Autorun returned to top position in European threat statistics with the overall 5.67 percent prevalence. It was the top malware in Romania (8.4%), Poland (7.83%), Israel (6.45%), Ukraine (5.14%) or Austria (4.67%). Win32/Conficker has also placed in top spots in most of the EMEA countries, registering the highest level of occurrence in Bulgaria (5.76%). In the overall European statistics with 2.98 percent, it ranked number three.

European number two on the stats, HTML/StartPage.NAE was the top threat in Turkey (12.93%) and one of the top threats in Spain (3.94%). Finally, JS/Redirector has topped the malware stats in the United Kingdom (3.82%) and Sweden (5.09%) as well as other countries.


Threats in Europe According to ESET ThreatSense.Net® (May 2011)


About ThreatSense.Net®

ThreatSense.Net® is ESET’s in-the-cloud malware collection system utilizing data from users of ESET solutions worldwide. This continual streaming of information provides ESET Virus Lab specialists with a real-time accurate snapshot of the nature and scope of global infiltrations. Careful analysis of the threats, attack vectors and patterns serves ESET to fine-tune all heuristic and signature updates ̶ to protect its users against tomorrow’s threats.

About ESET

Founded in 1992, ESET is a global provider of security solutions for businesses and consumers. The Company pioneered, and continues to lead, the industry in proactive threat detection. ESET NOD32 Antivirus holds the world record for the number of Virus Bulletin "VB100” Awards, and has never missed a single “In-the-Wild” worm or virus since the inception of testing in 1998. ESET NOD32 Antivirus, ESET Smart Security and ESET Cybersecurity for Mac are trusted by millions of global users and are among the most recommended security solutions in the world.

The Company has global headquarters in Bratislava (Slovakia), with regional distribution headquarters in San Diego (U.S.), Buenos Aires (Argentina), and Singapore. ESET has malware research centers in Bratislava, San Diego, Buenos Aires, Prague (Czech Republic), Krakow (Poland), Montreal (Canada), Moscow (Russia), and an extensive partner network in 180 countries.