Win32/Conficker Revamps: ESET
INF/Autorun topped the list for being the most popular threat in July 2011, both in Europe by 5.27% and globally by 6.51%, according to the security threat analysis compiled by the East European IT security vendor, ESET.
While Win32/Conficker was placed at the second position by the vendor with 3.12% infection rate in Europe and at 3.88% rate globally, and which topped the list during the previous year during the same time.
Win32/Sality scored the third spot for the second month at 2.03% in a row globally, whereas in Europe the third spot was given to HTML/IFrame.B.Gen with 3.05% market share rating. Also, according to the report, HTML/ScrInject.B is widely popular in the Scandinavian countries with a total contribution of Norway (4.83%), Denmark (6.46%), Sweden (7.44%), and Finland (7.57%).
Further, ESET defines INF/Autorun as a malware label that depicts various malware that are exploited in the autorun.inf file with the intention of infection a computer. The IT security vendor also added that the file contains information on programmes that are meant to run automatically and are accessible by a Windows PC user.
On the contrary, Win32/Conficker can be defined as a network worm that was initially circulated by spreading malware in the Windows operating system. It can also be circulated via unsafe shared folders and by removable media that makes the use of the Autorun facility, which in turn is enabled by default in older Windows OS (though not in Windows 7).
Win32/Sality is in fact a polymorphic file infector that initiates a service and creates/deletes registry keys that are related to security, when executed. ESET also highlights in its report that the virus starts the malicious process instantly at each reboot of the operating system.
Besides all the above types of infectious malwares described above, Win32/Dorkbot is a beginner with 1.47% prevalence in Latin America and the Caribbean region. It is also a type of computer virus that starts operation through removable media. This worm includes a backdoor that facilitates it to be controlled remotely. The worm accumulates all login user names and passwords and sends all the information to a remote machine. VBS/StartPage.NDS, which is a Trojan that modifies the home pages of certain web browsers, is the latest form of malware ranked at the 10th position by the report with 0.97% prevalence.
Related article: Wayne Bank Warns of Fraudulent E-mail Purporting to be from Visa
» SPAMfighter News - 05-09-2011