AutoRun worms most common malware during Q1 2010

Share this article:
Portable storage device threats, such as AutoRun worms, were the most prevalent type of malware worldwide during the first quarter of the year, according to a McAfee report issued Tuesday.

Two of the top five most prevalent pieces of malware during the quarter spread via the Windows AutoRun feature, according to McAfee's Q1 Threats Report. Cybercriminals use AutoRun to automatically install malicious software on a user's PC when an infected removable storage device is plugged in. The notorious Conficker worm spread this way.

“It does not require the user to click on it, which makes it particularly dangerous,” Dave Marcus, director security of research and communications at McAfee Avert Labs, told SCMagazineUS.com on Tuesday.

The threat vector is prevalent due to the widespread use of USB drives by consumers and enterprises, he said.

"Previously emerging trends, such as AutoRun malware, are now at the forefront,” Mike Gallagher, senior vice president and CTO of global threat intelligence for McAfee, said in a statement. “We were also surprised to find some of geographic difference in spam related topics, such as the volume of diploma spam coming out of China."

Diploma spam, which advertises the sale of forged diplomas, was the most popular type of spam in China, South Korea and Vietnam, according to the report. Meanwhile, Singapore, Hong Kong, and Japan all had high rates of Delivery Status Notification (DSN) spam, which are forged email nondelivery receipt error messages, Marcus said.

In the United States, the majority of spam was comprised of DSN messages and emails trying to hawk merchandise, such as replica purses and jewelry.

The earthquakes in Haiti and Chile were the top two significant events exploited by spammers during the quarter, the report states.

Overall, spam volume increased five percent from the fourth quarter of 2009 to the first quarter of 2010. Between January and March, spam traffic averaged approximately 139 billion messages per day, or 89 percent of all email traffic, up from 133 billion email messages per day in the prior quarter.

The report also found that 98 percent of new malicious URLs worldwide are hosted on servers in the United States. McAfee researchers attributed this to malware distributors regularly abusing Web 2.0 services, which are highly prevalent in America.

Looking forward, attackers likely will continue to abuse social networking sites such as Twitter for malicious purposes, Marcus predicted. And PDF threats will remain common throughout the year.

“PDFs are heavily targeted right now, and Twitter is going to be ripe for abuse going forward,” he said.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

More exploits, including Silverlight attack, packed in Nuclear kit

More exploits, including Silverlight attack, packed in Nuclear ...

Since the year's start, the number of exploits used by the kit has doubled, Trend Micro found.

Researchers discover Tinba variant with 64-bit support, other tricks

Researchers discover Tinba variant with 64-bit support, other ...

Seculert researchers discovered a variant of the Tinba banker trojan that can infect more systems and better skirt detection.

Policy violation letters trick SMB workers into downloading malware

Bitdefender researchers detected an uptick in computers infected by Zbot via dozens of ARJ-compressed files.