May 6, 2010 | Bratislava

Top 3 Global Threats: Malware Family Capable of Stealing User Information

Data from ESET’s in-the-cloud malware collection system ThreatSense.Net® shows a new trend in April: Win32/Agent entered the Top 3 threat ranking with a 3.53% share of all malware detected on ESET users’ computers. ESET describes this detection as generic, as it covers members of a broad malware family capable of stealing user information from infected PCs.

After a long lead, Win32/PSW.OnLineGames has been knocked out of the most widespread category. This is a family of Trojans used in phishing attacks aimed specifically at game-players: this type of Trojan comes with keylogging and (sometimes) rootkit capabilities which gather information relating to online games and credentials. With a 3.48% share in April, this detection ranked fourth.

The most widespread Internet malware includes Win32/Conficker (9.47%) and INF/Autorun (7.98%), with the global share of Conficker slightly decreasing. During the summer of 2009 it scored approximately 30% in the Ukraine and Russia. Nowadays its share is increasing among western and northern European countries.

In the top 10 global malware ranking in April, we also find Win32/Packed.FlyStudio.O.Gen (1.34%). FlyStudio.O.Gen denotes detections for obfuscated FlyStudio executables, which are not always malicious: sometimes obfuscation is used as a means of legitimate digital rights management (DRM) by hampering attempts at malicious reverse engineering. However, the use of packers and obfuscators has been a fairly reliable indicator of malicious intent for some years now, and some vendors detect almost any obfuscated code as malicious or potentially malicious. Win32/Sality ranked No.7 with a share of 1.32%. It is a polymorphic file infector that modifies EXE and SCR files and disables services and processes related to security solutions.


ESET ThreatSense.Net® (April 2010)



Europe, Middle East and Africa (EMEA)

Win32/Conficker remains the top threat, with high shares in almost every country of the region. In April, it had the highest ranking in Ukraine (15.05%), Bulgaria (14.28%), Romania (13.91%), Russia (12.12%), Germany (11.63%), Finland (11.36%), Serbia (9.84%), United Kingdom (9.74%), Italy (9.02%), Czech Republic (6.44%) and Hungary (5.85%).

The rise of the Win32/Agent label is marked in the majority of EMEA countries where it places within the top 3 and is the top-most threat in Denmark (5.91%), Austria (5.87%) and Norway (4.31%).

INF/Autorun is used to describe a variety of malware using the file autorun.inf as a way of compromising a PC. This file contains information on programs meant to run automatically when removable media (often USB flash drives) are accessed by a Windows PC user. The label is the most widespread malware in the Republic of South Africa (12.26%), Spain (11.67%), United Arab Emirates (9.36%), France (8.30%), Greece (5.98%), Latvia (5.81%), Slovakia (5.52%) and Israel (5.35%).
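As an added illustration of the autorun.inf mechanism described above (not ESET code), this Python example lists the entries in a file's [autorun] section that would start a program, which is the part worth reviewing on removable media. The sample content and file names are constructed.

```python
import re

# autorun.inf keys that name a program or command to launch.
LAUNCH_KEYS = {"open", "shellexecute"}
# Context-menu verbs of the form shell\<verb>\command also launch a command.
SHELL_VERB = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)


def decode_inf(raw: bytes) -> str:
    """autorun.inf is usually ANSI text, but UTF-16 with a BOM also occurs."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("latin-1")


def launch_entries(raw: bytes):
    """Return (key, command) pairs in the [autorun] section that start a program."""
    findings, section = [], None
    for line in decode_inf(raw).splitlines():
        line = line.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()  # section names are case-insensitive
            continue
        if section != "autorun" or "=" not in line:
            continue                              # other sections and junk padding
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() in LAUNCH_KEYS or SHELL_VERB.match(key):
            findings.append((key.lower(), value))
    return findings


# Constructed sample content; file names are placeholders.
SAMPLE = (
    b"; constructed sample, not taken from a real device\r\n"
    b"[AutoRun]\r\n"
    b"icon=folder.ico\r\n"
    b"OPEN=example.exe\r\n"
    b"shell\\explore\\command=example.exe /x\r\n"
    b"[other]\r\n"
    b"open=ignored.exe\r\n"
)

if __name__ == "__main__":
    for key, command in launch_entries(SAMPLE):
        print(f"{key} -> {command}")
```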

There are a few regional exceptions where a different malware family ranks No.1 compared to the global ranking. Win32/Injector, denoting variants of Trojans that steal passwords and other sensitive information, is the top-most Internet malware in Estonia (7.13%) and Belgium (4.84%).

In April, Win32/TrojanDownloader.Unruy was the No.1 threat in Slovenia. This UPX-compressed Trojan has even registered a 1% increase from the previous month, with a total of 5.84% of all malware detections in Slovenia.

About ESET

Founded in 1992, ESET is a global provider of security solutions for the home and business segment. The industry leader in proactive malware detection, ESET's NOD32 antivirus holds the world record for the number of Virus Bulletin "VB100 Awards," never to have missed a single “In-the-Wild” worm or virus since the inception of testing in 1998. ESET has headquarters in Bratislava, Slovakia and offices in San Diego, USA; Buenos Aires, Argentina; Prague, Czech Republic, and an extensive partner network in 160 countries. In 2008, ESET opened a new research center in Krakow, Poland. ESET was named by Deloitte’s Technology Fast 500 as one of the fastest-growing technology companies in the region of Europe, Middle East and Africa.

ThreatSense.Net® is ESET’s in-the-cloud malware collection system utilizing data from users of ESET solutions worldwide. This continual streaming of information provides ESET Virus Lab specialists with a real-time accurate snapshot of the nature and scope of global infiltrations. Careful analysis of the threats, attack vectors and patterns helps ESET fine-tune all heuristic and signature updates to protect its users against tomorrow’s threats.