There is some pretty interesting content in ESET's Threat Report for July:
- Urban Schrott talks about ESET Ireland's recent research into the ways in which people can recklessly aid and abet malware in compromising their own systems, by ignoring or bypassing AV protection.
- David Harley (oh, that would be me…) summarizes some of the recent research coming from colleagues in Russia, though it doesn't include a link to the paper on Win32/Hodprot which has just been published: Hodprot: Hot to Bot.
- There's a chance to catch up on two excellent blogs by the increasingly prolific Cameron Camp, plus an interesting summary of the current malware scene in Latin and South America.
- And, of course, the top ten detections recorded by ESET's ThreatSense.Net® telemetry.
- INF/Autorun 6.51%
- Win32/Conficker 3.88%
- Win32/Sality 2.03%
- Win32/PSW.OnLineGames 1.67%
- HTML/Iframe.B.Gen 1.67%
- HTML/ScrInject.B 1.56%
- Win32/Dorkbot 1.47%
- Win32/Autoit 1.27%
- HTML/StartPage.NAE 1.08%
- VBS/StartPage.NDS 0.97%
While there aren't too many surprises in the top positions, it's a sign of the times that malicious web scripts continue to be so effective. It's also noticeable that INF/Autorun may be dead but it isn't lying down. (See the June report for some thoughts on why that is.)
The July report, along with the two previous month's reports, is available on the Threat Center page at http://www.eset.com/us/threat-center.
David Harley CITP FBCS CISSP
ESET Senior Research Fellow