INF/Autorun malware and Conficker and still some of the top producing malware in the world, according to a malware report for July.
ESET compiles is statistics from live data retrieved by its systems around the world, and provides a reflection on what malware currently resides on people’s computers.
“Somehow INF/Autorun is still top of the pops, in spite of Microsoft’s neutering of the Autorun vector,” said security provider ESET senior research fellow David Harley. “And even though the Conficker botnet is essentially dormant, there are enough residual infections for our telemetry to keep picking up their presence.”
“The most interesting statistics aren’t necessarily the big numbers (unless there’s a sudden explosion of something),” said Harley. “Because the infected population is so large and our detections are usually very generic, they tend to change fairly slowly. Often the interesting stories are related to comparatively low and often localized infected populations.”
He talked about the “Dorifel/Quervar in the Netherlands,” and “Stuxnet and its siblings in Iran and the Middle East.”
Neither of these outbreaks are sufficiently widespread to figure highly in global league tables, but are of particular interest and concern to the researchers.
Dorkut malware may be an exception to these general principles. It figures high on the global tables (coming in fifth) but is local to South America and of great interest. Called Ngrbot by its author, Dorkut has become the weapon of choice for Latin American cybercriminals, spreading via removeable media and social networks. ESET found numerous small botnets used to steal home banking credentials.