AutoRun Infection Growing

ESET announced today that for the third consecutive month INF/Autorun, a generic detection for malware that uses the Windows Autorun facility to infect machines, was the number one detected threat in February.

The AutoRun facility allows programs on removable media such as CDs, DVDs and USB memory sticks to run automatically when the media is present. Although very convenient for installing legitimate programs, it is now so frequently used as an infection vector that many security experts, including ESET, recommend that we disable the functionality.

Trojans that use Autorun to infect computers have been among the more common threats in the last few months. In fact, this is one of the tricks the infamous Mocmex ‘digital photo frame’ malware uses. Turning off the Autorun feature reduces the risk of infection, but as with any portable storage media, we should all ensure that USB devices are scanned when they’re opened to make sure nothing malicious is lurking there.

Another highlight of ESET’s monthly report is the adware family Win32/Adware.Virtumonde (Vundo), which is frequently amongst the top five threats in ESET’s ThreatSense.Net data. Bot herders are paid to install it on compromised machines, where it then directs the compromised machine to sites used as proxies for advertisements at addresses stored locally in the System32 folder. Virtumonde is not self-replicating, but is widely disseminated and can be very difficult and time-consuming to remove if it does manage to get itself installed.

Top 10 Threats for February 2008:

1. INF/Autorun (9.43%)

2. Win32/Adware.SearchAid (8.05%)

3. WIN32/Toolbar.MyWebSearch (3.11%)

4. Win32/Adware.Virtumonde (2.09%)

5. Win32/Adware.Virtumonde.FP (1.69%)

6. Win32/Pacex.Gen (1.65%)

7. Win32/Agent (1.53%)

8. WIN32/Obfuscated.A1 (1.33%)

9. Win32/IRCBot.AAH (1.17%)

10. Win32/PSW.OnLineGames.NLI (1.15%)

One Response to “AutoRun Infection Growing”

  1. vundo Says:

    I have been battling Virtumonde and Vundo for years now. I hate all spyware but at the same time that is where I make my living, by removing it from computers. I would say Virtumonde is the hardest threat I have ever had to remove. I got a set process now but even that process seems to change every six months or so. Get protection ahead of time and you will not have to worry about being infected with this. It’s not hard to get infected.
