Report: AutoRun malware infections continue topping the charts

Summary:Despite Microsoft's response to the rise of AutoRun malware infections in February, 2011, according to ESET's recently released telemetry data for 2012, the infection vector tops their chart for a second year in a row.

Despite Microsoft's response to the rise of AutoRun malware infections in February, 2011, according to ESET's recently released telemetry data for 2012, the infection vector tops their chart for a second year in a row.

What seems to be the problem?

It's called software piracy, which has the capacity to lead to the successful compromise of a host, thanks to the outdated third-party software and operating system that it's running, as well as the often backdoored software cracks/key generators distributed to gullible users.

In 2009, the Business Software Alliance (BSA) released a report connecting the high malware infection rates of several countries, to the piracy rate corresponding to the same countries. In a blog post back then, Symantec also speculated that "The lack of patching due to piracy may be a contributory factor to high infection rates in those countries."

Does software piracy automatically translate into a successful malware infection on the host in question? It can greatly contribute to such an event, taking into consideration the fact that millions of Internet connected users within developing countries are currently online using pirated versions of Microsoft's Windows OS, preventing them from obtaining the latest security patches, including the one that's preventing the abuse of the AutoRun feature.

When speculating on the logical connection between software piracy and malware infection rates, it's worth emphasizing the fact that, on a large scale, cybercriminals tend to exploit browser/browser plugin specific flaws, compared to actually building an inventory of client-side exploits targeting popular third-party software, and OS specific flaws. At least that's what I've been observing over the past couple of years, an observation which naturally excludes targeted attacks/cyber espionage campaigns which can utilize these.

With this in mind, it shouldn't be surprising that AutoRun infections continue topping ESET's charts, years after Microsoft took care of the problem, and even reported a decline in this type of infections thanks to their response to the issue. It's basically users running a pirated/outdated version of their Windows OS.

What do you think? If not software piracy, what's still contributing to the existence of AutoRun infections, years after Microsoft (supposedly) fixed the problem?

Find out more about Dancho Danchev at his LinkedIn profile.

Topics: Security

About

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.