AutoRun growing as an infection vector.
ESET has announced that for the third consecutive month
INF/Autorun, a generic detection for malware that uses the Windows
Autorun facility to infect machines, was the number one detected threat
in February according to ESET's ThreatSense.Net statistical
reporting. The AutoRun facility allows programs on removable media such
as CDs, DVDs and USB memory sticks to run automatically when the media
is present. Although very convenient for installing legitimate programs,
it is now so frequently used as an infection vector that many security
experts, including ESET, recommend that users disable the functionality.
"Trojans using Autorun to infect computers is one of the more
common threats that we have been seeing for several months now. In fact,
this is one of the tricks the infamous Mocmex 'digital photo
frame' malware uses," comments David Harley, of ESET's
Research team. "Turning off the Autorun feature reduces the risk of
infection, but as with any portable storage media, users should ensure
that USB devices are scanned when they're opened, to make sure
nothing malicious is lurking there."
Highlighted in this month's report is the adware family,
Win32/Adware.Virtumonde (Vundo), which is frequently amongst the top
five threats of ESET's ThreatSense.Net data. Bot herders are paid
to install it on compromised machines, where it then directs the
compromised machine to sites used as proxies for advertisements at
addresses stored locally in the System32 folder. Virtumonde is not
self-replicating, but is widely disseminated and can be very difficult
and time-consuming to remove if it does manage to get itself installed.
Top 10 Threats for February
1 INF/Autorun--9.43%
2 Win32/Adware.SearchAid--8.05%
3 WIN32/Toolbar.MyWebSearch--3.11%
4 Win32/Adware.Virtumonde--2.09%
5 Win32/Adware.Virtumonde.FP--1.69%
6 Win32/Pacex.Gen--1.65%
7 Win32/Agent--1.53%
8 WIN32/Obfuscated.A1--1.33%
9 Win32/IRCBot.AAH--1.17%
10 Win32/PSW.OnLineGames.NLI--1.15%
www.threatsense.net
COPYRIGHT 2008 A.P. Publications
Ltd. Reproduced with permission of the copyright holder. Further reproduction or distribution is prohibited without permission.