Application security, Malware, Network Security

AutoRun worms most common malware during Q1 2010

Portable storage device threats, such as AutoRun worms, were the most prevalent type of malware worldwide during the first quarter of the year, according to a McAfee report issued Tuesday.

Two of the top five most prevalent pieces of malware during the quarter spread via the Windows AutoRun feature, according to McAfee's Q1 Threats Report. Cybercriminals use AutoRun to automatically install malicious software on a user's PC when an infected removable storage device is plugged in. The notorious Conficker worm spread this way.

“It does not require the user to click on it, which makes it particularly dangerous,” Dave Marcus, director security of research and communications at McAfee Avert Labs, told on Tuesday.

The threat vector is prevalent due to the widespread use of USB drives by consumers and enterprises, he said.

"Previously emerging trends, such as AutoRun malware, are now at the forefront,” Mike Gallagher, senior vice president and CTO of global threat intelligence for McAfee, said in a statement. “We were also surprised to find some of geographic difference in spam related topics, such as the volume of diploma spam coming out of China."

Diploma spam, which advertises the sale of forged diplomas, was the most popular type of spam in China, South Korea and Vietnam, according to the report. Meanwhile, Singapore, Hong Kong, and Japan all had high rates of Delivery Status Notification (DSN) spam, which are forged email nondelivery receipt error messages, Marcus said.

In the United States, the majority of spam was comprised of DSN messages and emails trying to hawk merchandise, such as replica purses and jewelry.

The earthquakes in Haiti and Chile were the top two significant events exploited by spammers during the quarter, the report states.

Overall, spam volume increased five percent from the fourth quarter of 2009 to the first quarter of 2010. Between January and March, spam traffic averaged approximately 139 billion messages per day, or 89 percent of all email traffic, up from 133 billion email messages per day in the prior quarter.

The report also found that 98 percent of new malicious URLs worldwide are hosted on servers in the United States. McAfee researchers attributed this to malware distributors regularly abusing Web 2.0 services, which are highly prevalent in America.

Looking forward, attackers likely will continue to abuse social networking sites such as Twitter for malicious purposes, Marcus predicted. And PDF threats will remain common throughout the year.

“PDFs are heavily targeted right now, and Twitter is going to be ripe for abuse going forward,” he said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.