Malware du Jour
ESET, the anti-malware company for which I work, has just published its half-yearly report on global malware trends, based on data generated by automatic threat-tracking systems. Few people who read this blog will be interested in the marketing aspects of that document, but I thought you might find some of the conclusions interesting.
- We’ve noticed (actually over far longer than six months) a huge number of detections of malware that uses the Windows AutoRun facility to self-install from removable media (USB flash drives, CDs and so on). It may seem slightly surprising that other vendors haven’t flagged this trend particularly, but it doesn’t mean they don’t detect the same things: it’s just that we have a heuristic that highlights that trend. In the same way, another vendor has a detection that highlights a high proportion of iFrame exploits. We’re very aware of the ever-increasing volume of web-hosted threats, but we don’t have an exact equivalent to that heuristic, so that particular trend isn’t so obvious from our (prevalence-based) figures.
- Possibly Unwanted Applications (PUAs) and other adware and spyware detections occupy several places in our top ten. That’s not a complete novelty, but the impact of the Virtumonde Trojan in particular is dramatic. Virtumonde is a real pain: its authors work hard at hiding it from specific anti-malware products, and it can be grim trying to remove it from a system when it’s in memory. Leaving it there isn’t much of an option, either: it has a habit of pounding an infected system with so much advertising that it becomes unusable.
- There’s been a dramatic decline in the use of email to distribute new malicious attachments: of course, it remains a prime vector for the dissemination of malicious URLs. What interested me was the sheer volume of antique mass mailers like Netsky.Q, but my guess is that these are mostly generated by unprotected home machines running obsolescent Windows versions.
- Password stealing attacks on online gamers and haunters of metaverses like Second Life have been around for a while, too, but they’ve overtaken AutoRun exploits in the “top ten” over the past few months. And that’s not even taking into account other attacks like griefing and replicative “grey goo” style attacks.
ESET Malware Intelligence Team