Conficker back in top three malware chart

According to the East European IT security vendor, during last month, INF/Autorun was the most popular type of threat in both Europe (5.27%) and globally (6.51%).

Win32/conficker, meanwhile – which the firm says was ranked as the most widespread malware last year – reached a global infection rate of 3.88% (3.12% in Europe) last month.

Win32/Sality remained in the third spot for the second month in a row globally (2.03%), whilst in Europe, the third sot went to HTML/IFrame.B.Gen with 3.05% 'market share' rating.

Eset says that INF/Autorun is a malware label that describes a variety of malware exploiting the autorun.inf file as a way to compromise a computer. The file, adds the IT security vendor, contains information on programmes which are meant to run automatically when removable media – often USB flash – and is accessed by a Windows PC user.

The golden oldie, Win32/Conficker, meanwhile, is a network worm originally propagated by exploiting a vulnerability in the Windows operating system. Depending on the variant, Eset's analysis says it may also spread via unsecured shared folders and by removable media, making use of the Autorun facility enabled by default in older Windows operating systems, although not on the Windows 7 platform.

Last, but not least, Win32/Sality is a polymorphic file infector, which Eset notes - when executed - starts a service and creates/deletes registry keys related to security. The malware also triggers the start of a malicious process at each reboot of the operating system.

It's not all golden oldies in the July chart, however, as Win32/Dorkbot is described as a newcomer in the top ten with a 1.47% market share. The malware, says the July report, is an especially prevalent in Latin America and the Caribbean.

Dorkbot, the analysis adds, is a worm that spreads via removable media and contains a backdoor that allows it to be controlled remotely. Once triggered, the malware collects login user names and passwords when the unsuspecting user browses certain web sites, then relays all the gathered information to a remote machine.

What’s Hot on Infosecurity Magazine?