AutoRun worms most common malware during Q1 2010

Share this article:
Portable storage device threats, such as AutoRun worms, were the most prevalent type of malware worldwide during the first quarter of the year, according to a McAfee report issued Tuesday.

Two of the top five most prevalent pieces of malware during the quarter spread via the Windows AutoRun feature, according to McAfee's Q1 Threats Report. Cybercriminals use AutoRun to automatically install malicious software on a user's PC when an infected removable storage device is plugged in. The notorious Conficker worm spread this way.

“It does not require the user to click on it, which makes it particularly dangerous,” Dave Marcus, director security of research and communications at McAfee Avert Labs, told SCMagazineUS.com on Tuesday.

The threat vector is prevalent due to the widespread use of USB drives by consumers and enterprises, he said.

"Previously emerging trends, such as AutoRun malware, are now at the forefront,” Mike Gallagher, senior vice president and CTO of global threat intelligence for McAfee, said in a statement. “We were also surprised to find some of geographic difference in spam related topics, such as the volume of diploma spam coming out of China."

Diploma spam, which advertises the sale of forged diplomas, was the most popular type of spam in China, South Korea and Vietnam, according to the report. Meanwhile, Singapore, Hong Kong, and Japan all had high rates of Delivery Status Notification (DSN) spam, which are forged email nondelivery receipt error messages, Marcus said.

In the United States, the majority of spam was comprised of DSN messages and emails trying to hawk merchandise, such as replica purses and jewelry.

The earthquakes in Haiti and Chile were the top two significant events exploited by spammers during the quarter, the report states.

Overall, spam volume increased five percent from the fourth quarter of 2009 to the first quarter of 2010. Between January and March, spam traffic averaged approximately 139 billion messages per day, or 89 percent of all email traffic, up from 133 billion email messages per day in the prior quarter.

The report also found that 98 percent of new malicious URLs worldwide are hosted on servers in the United States. McAfee researchers attributed this to malware distributors regularly abusing Web 2.0 services, which are highly prevalent in America.

Looking forward, attackers likely will continue to abuse social networking sites such as Twitter for malicious purposes, Marcus predicted. And PDF threats will remain common throughout the year.

“PDFs are heavily targeted right now, and Twitter is going to be ripe for abuse going forward,” he said.

Share this article:

Sign up to our newsletters

More in News

Report: SQL injection a pervasive threat, behavioral analysis needed

Report: SQL injection a pervasive threat, behavioral analysis ...

Long lag times between detection and resolution and reliance on traditional methods impair an organization's ability to combat SQL injection attacks.

WhatsApp bug allows for interception of shared locations

Researchers identified a vulnerability in WhatsApp that could enable an attacker to intercept shared locations using a man-in-the-middle attack, or a rogue access point.

Google tweaks its terms of service for clarity on Gmail scanning

The company is currently dealing with a lawsuit that challenges its email scanning practices.