AutoRun worms most common malware during Q1 2010

Share this article:
Portable storage device threats, such as AutoRun worms, were the most prevalent type of malware worldwide during the first quarter of the year, according to a McAfee report issued Tuesday.

Two of the top five most prevalent pieces of malware during the quarter spread via the Windows AutoRun feature, according to McAfee's Q1 Threats Report. Cybercriminals use AutoRun to automatically install malicious software on a user's PC when an infected removable storage device is plugged in. The notorious Conficker worm spread this way.

“It does not require the user to click on it, which makes it particularly dangerous,” Dave Marcus, director security of research and communications at McAfee Avert Labs, told SCMagazineUS.com on Tuesday.

The threat vector is prevalent due to the widespread use of USB drives by consumers and enterprises, he said.

"Previously emerging trends, such as AutoRun malware, are now at the forefront,” Mike Gallagher, senior vice president and CTO of global threat intelligence for McAfee, said in a statement. “We were also surprised to find some of geographic difference in spam related topics, such as the volume of diploma spam coming out of China."

Diploma spam, which advertises the sale of forged diplomas, was the most popular type of spam in China, South Korea and Vietnam, according to the report. Meanwhile, Singapore, Hong Kong, and Japan all had high rates of Delivery Status Notification (DSN) spam, which are forged email nondelivery receipt error messages, Marcus said.

In the United States, the majority of spam was comprised of DSN messages and emails trying to hawk merchandise, such as replica purses and jewelry.

The earthquakes in Haiti and Chile were the top two significant events exploited by spammers during the quarter, the report states.

Overall, spam volume increased five percent from the fourth quarter of 2009 to the first quarter of 2010. Between January and March, spam traffic averaged approximately 139 billion messages per day, or 89 percent of all email traffic, up from 133 billion email messages per day in the prior quarter.

The report also found that 98 percent of new malicious URLs worldwide are hosted on servers in the United States. McAfee researchers attributed this to malware distributors regularly abusing Web 2.0 services, which are highly prevalent in America.

Looking forward, attackers likely will continue to abuse social networking sites such as Twitter for malicious purposes, Marcus predicted. And PDF threats will remain common throughout the year.

“PDFs are heavily targeted right now, and Twitter is going to be ripe for abuse going forward,” he said.

Share this article:

Sign up to our newsletters

More in News

Brazilian president signs internet 'Bill of Rights' into law

Brazilian president signs internet 'Bill of Rights' into ...

President Dilma Rousseff signed the legislation on Wednesday at the NetMundial conference in Sao Paulo.

Android trojan sends premium SMS messages, targets U.S. users for first time

Android trojan sends premium SMS messages, targets U.S. ...

An SMS trojan for Android, known as FakeInst, has been observed sending premium SMS messages to users all over the world, including, for the first time, the United States.

Report: DDoS up in Q4 2013, vulnerability scanners leveraged to exploit sites

Report: DDoS up in Q4 2013, vulnerability scanners ...

Researchers observed 346 DDoS attacks in the final quarter of 2013 and attackers used Vega and Skipfish vulnerability scanners to exploit web flaws at financial companies.