Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

AutoRun infector remains top of the threat list for February.

ESET : 04 March, 2008  (Technical Article)
ESET warns of the continuing growth in the use of AutoRun facilities in windows as a means of infecting computers.
ESET has announced that for the third consecutive month INF/Autorun, a generic detection for malware that uses the Windows Autorun facility to infect machines, was the number one detected threat in February according to ESET's ThreatSense.Net statistical reporting.

The AutoRun facility allows programs on removable media such as CDs, DVDs and USB memory sticks to run automatically when the media is present. Although very convenient for installing legitimate programs, it is now frequently used as an infection vector that many security experts, including ESET, recommend that users disable the functionality.

'Trojans using Autorun to infect computers is one of the more common threats that we have been seeing for several months now. In fact, this is one of the tricks the infamous Mocmex 'digital photo frame' malware uses,' comments David Harley, of ESET's Research team. 'Turning off the Autorun feature reduces the risk of infection, but as with any portable storage media, users should ensure that USB devices are scanned when they're opened, to make sure nothing malicious is lurking there.'

Highlighted in this month's report is the adware family, Win32/Adware.Virtumonde (Vundo), which is frequently amongst the top five threats of ESET's ThreatSense.Net data. Bot herders are paid to install it on compromised machines, where it then directs the compromised machine to sites used as proxies for advertisements at addresses stored locally in the System32 folder. Virtumonde is not self-replicating, but is widely disseminated and can be very difficult and time-consuming to remove if it does manage to get itself installed.

Top 10 Threats for February 2008

1 INF/Autorun - 9.43%
2 Win32/Adware.SearchAid - 8.05%
3 WIN32/Toolbar.MyWebSearch - 3.11%
4 Win32/Adware.Virtumonde - 2.09%
5 Win32/Adware.Virtumonde.FP - 1.69%
6 Win32/Pacex.Gen - 1.65%
7 Win32/Agent 1.53%
8 WIN32/Obfuscated.A1 - 1.33%
9 Win32/IRCBot.AAH - 1.17%
10 Win32/PSW.OnLineGames.NLI- 1.15%
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo