As our December ThreatSense report (now available at http://www.eset.com/threat-center/threat_trends/Global_Threat_Trends_December_2009.pdf) was not only the last of the year but the last of the decade, it's rather longer and more detailed than usual, including a look back at the last 12 months. I suppose we could have gone back over the whole decade, but I have to sleep occasionally. ;-)
Inevitably, Win32/Conficker, INF/Autorun and gaming password stealers occupy the first three positions yet again. In fact, the most conspicuous feature of the December top ten is the preponderance of malware that exploits the Autorun vulnerability....err, facility. If you're using Windows 7, you'll probably have noticed that Autorun is disabled by default, and hopefully you'll leave it that way. ESET has published information on disabling Autorun in other versions of Windows at http://www.eset.com/threat-center/blog/2009/08/25/now-you-can-fix-autorun.
The most dramatic change to the top ten is the appearance of Win32/Spy.Ursnif.A. This label describes a spyware application that steals information from an infected PC and sends it to a remote location, creating a hidden user account in order to allow communication over Remote Desktop connections. More information about this malware is available at http://www.eset.eu/encyclopaedia/win32-spy-ursnif-a-trojanwin32-inject-kzl-spy-ursnif-gen-h-patch-zgm?lng=en.
As well as a lengthy retrospective section, there's a little crystal-ball gazing from the ESET teams in San Diego and Argentina concerning our thoughts on such major issues as social engineering, smartphone jailbreaking and rooting, the "walled garden" concept of blocking an ISP user's full access to the Internet when his or her system is compromised by malware, cloud computing, rogue software and extortion, misuse of social networks, the use and misuse of publicly available data, and so on.
Of course, for a more cynical view, you might want to look at this, if you haven't already: http://www.eset.com/threat-center/blog/2009/12/30/top-ten-trite-security-predictions
David Harley BA CISSP FBCS CITP
Director of Malware Intelligence
ESET Threatblog (TinyURL with preview enabled): http://preview.tinyurl.com/esetblog
ESET Threatblog notifications on Twitter: http://twitter.com/esetresearch (or @ESETblog)
ESET White Papers Page: http://www.eset.com/download/whitepapers.php
Securing Our eCity community initiative: http://www.securingourecity.org/