May 18, 2010

AutoRun worms most common malware during Q1 2010

Portable storage device threats, such as AutoRun worms, were the most prevalent type of malware worldwide during the first quarter of the year, according to a McAfee report issued Tuesday.

Two of the top five most prevalent pieces of malware during the quarter spread via the Windows AutoRun feature, according to McAfee's Q1 Threats Report. Cybercriminals use AutoRun to automatically install malicious software on a user's PC when an infected removable storage device is plugged in. The notorious Conficker worm spread this way.

“It does not require the user to click on it, which makes it particularly dangerous,” Dave Marcus, director security of research and communications at McAfee Avert Labs, told SCMagazineUS.com on Tuesday.

The threat vector is prevalent due to the widespread use of USB drives by consumers and enterprises, he said.

"Previously emerging trends, such as AutoRun malware, are now at the forefront,” Mike Gallagher, senior vice president and CTO of global threat intelligence for McAfee, said in a statement. “We were also surprised to find some of geographic difference in spam related topics, such as the volume of diploma spam coming out of China."

Diploma spam, which advertises the sale of forged diplomas, was the most popular type of spam in China, South Korea and Vietnam, according to the report. Meanwhile, Singapore, Hong Kong, and Japan all had high rates of Delivery Status Notification (DSN) spam, which are forged email nondelivery receipt error messages, Marcus said.

In the United States, the majority of spam was comprised of DSN messages and emails trying to hawk merchandise, such as replica purses and jewelry.

The earthquakes in Haiti and Chile were the top two significant events exploited by spammers during the quarter, the report states.

Overall, spam volume increased five percent from the fourth quarter of 2009 to the first quarter of 2010. Between January and March, spam traffic averaged approximately 139 billion messages per day, or 89 percent of all email traffic, up from 133 billion email messages per day in the prior quarter.

The report also found that 98 percent of new malicious URLs worldwide are hosted on servers in the United States. McAfee researchers attributed this to malware distributors regularly abusing Web 2.0 services, which are highly prevalent in America.

Looking forward, attackers likely will continue to abuse social networking sites such as Twitter for malicious purposes, Marcus predicted. And PDF threats will remain common throughout the year.

“PDFs are heavily targeted right now, and Twitter is going to be ripe for abuse going forward,” he said.

Related Articles
Related Topics

Sign up to our newsletters

More in News

House Intelligence Committee OKs amended version of controversial CISPA

Despite the 18-to-2 vote in favor of the bill proposal, privacy advocates likely will not be satisfied, considering two key amendments reportedly were shot down.

Judge rules hospital can ask ISP for help in ID'ing alleged hackers

The case stems from two incidents where at least one individual is accused of accessing the hospital's network to spread "defamatory" messages to employees.

Three LulzSec members plead guilty in London

Ryan Ackroyd, 26; Jake Davis, 20; and Mustafa al-Bassam, 18, who was not named until now because of his age, all admitted their involvement in the hacktivist gang's attack spree.