Report: Conficker and AutoRun infections proliferating


Summary: According to ESET's most recently released ThreatSense Report, the two most prevalent threats of 2011 remain AutoRun infections, followed by Conficker.


ESET attributed the growth of AutoRun and Conficker infections to the millions of Internet-connected pirated copies of Windows XP and Vista that do not receive Microsoft's updates because they fail the Windows Genuine Advantage check. Note that a failed validation blocks optional updates and downloads rather than critical security updates, which Windows Update still delivers to non-genuine systems; whether the owners of such machines actually install them is another matter.

In February 2011 Microsoft pushed an update that disabled AutoRun for removable media other than CDs and DVDs on Windows XP and Windows Vista, bringing them in line with Windows 7, and Microsoft's own sensor networks reported a significant decline in AutoRun infections afterwards. Conficker also spreads through the MS08-067 vulnerability and over network shares, so turning off AutoRun closes only one of its propagation paths.
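The registry change is one side of the fix; the other is recognising the autorun.inf files that such worms drop on removable drives. The following Python triage script is an added example, not code from ESET's report or from the original article. It parses an autorun.inf with the same tolerance Windows shows (case-insensitive names, comment and junk lines skipped) and reports the directives that would launch a program or that impersonate Explorer's own "Open folder to view files" AutoPlay entry. Both sample files are constructed for illustration; the RECYCLER path, SID string and example.dll name are placeholders, not real indicators of compromise.

```python
"""Triage an autorun.inf the way Windows AutoRun reads it.

Added example, not code from the original article or from ESET. The sample
files below are constructed for illustration: the RECYCLER path, SID string
and example.dll name are placeholders, not real indicators of compromise."""
import re
import sys

# Directives that make AutoRun launch a program when the drive is inserted
# or double-clicked.  A tuple keeps the order of findings deterministic.
EXEC_KEYS = ("open", "shellexecute")
# Worms of the Conficker era set action= to this text (plus the shell32
# folder icon) so the AutoPlay dialog shows a fake "Open folder" entry.
LURE_PHRASE = "open folder to view files"

SECTION_RE = re.compile(r"^\s*\[(?P<name>[^\]]+)\]\s*$")
KEY_RE = re.compile(r"^\s*(?P<key>[A-Za-z0-9_\\]+)\s*=\s*(?P<value>.*?)\s*$")


def parse_autorun(text):
    """Return {section: {key: value}} with the tolerance Windows shows:
    names are case-insensitive, ';' comments and unparseable junk lines are
    skipped, and a repeated key keeps its last value."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip("\r\n\x00 \t")
        if not line or line.startswith(";"):
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").strip().lower()
            sections.setdefault(current, {})
            continue
        if current is None:
            continue  # anything before the first [section] header is ignored
        m = KEY_RE.match(line)
        if m:
            sections[current][m.group("key").lower()] = m.group("value")
    return sections


def assess(text):
    """Return human-readable findings about what this autorun.inf would do."""
    findings = []
    autorun = parse_autorun(text).get("autorun", {})
    for key in EXEC_KEYS:
        if key in autorun:
            findings.append(f"{key}= launches: {autorun[key]}")
    for key, value in autorun.items():
        # shell\<verb>\command= adds a context-menu verb that runs a command
        if key.startswith("shell\\") and key.endswith("\\command"):
            findings.append(f"{key}= launches: {value}")
    if LURE_PHRASE in autorun.get("action", "").lower():
        findings.append("action= impersonates Explorer's 'Open folder to view files' prompt")
    if "rundll32" in text.lower():
        findings.append("payload is loaded through rundll32")
    return findings


# Constructed sample in the style of a worm-dropped autorun.inf: junk before
# the header, comment-line padding between directives, mixed-case keys.
WORM_SAMPLE = (
    "\x00\x9f\x13padding bytes a dropper puts before the header\r\n"
    "[AutoRun]\r\n"
    ";ylnjhqgfdsaq\r\n"
    "ACTION=Open folder to view files\r\n"
    ";zqqw=more padding\r\n"
    "Icon=%systemroot%\\system32\\shell32.dll,4\r\n"
    "UseAutoPlay=1\r\n"
    "shellexecute=RUNDLL32.EXE .\\RECYCLER\\S-1-5-21-0-0-0-500\\example.dll,Entry\r\n"
)

# Constructed sample of the benign kind found on software install CDs.
CD_SAMPLE = "[autorun]\r\nopen=setup.exe\r\nicon=setup.exe,0\r\nlabel=Product Installer\r\n"


if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            findings = assess(f.read().decode("latin-1"))
        print(path, "->", findings or ["no launch directives"])
```

Run it as `python autorun_triage.py E:\autorun.inf` over files collected from suspect drives; an `open=` directive on its own is normal for an installer disc, whereas a `shellexecute=` pointing at rundll32 together with the folder-icon lure is the signature worth escalating.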

Software piracy does indeed lead to higher malware infection rates.

What do you think?


Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.


Talkback

17 comments
  • So should MS allow pirated copies of Windows be updated

    so as to protect the legitimate users? Tough call.
    William Farrel
    • RE: Report: Conficker and AutoRun infections proliferating

      @William Farrel

      Microsoft DOES allow Windows Updates to run - even on un-genuine systems.
      The one and only, Cylon Centurion
      • RE: Report: Conficker and AutoRun infections proliferating

        @Cylon Centurion

        ... Security Updates. Is switching off autorun a security update? It wasn't when it was announced. In fact, my memory says it was specifically called a Non Security Update ...
        whatagenda
      • RE: Report: Conficker and AutoRun infections proliferating

        @Cylon Centurion wrote:
        "Microsoft DOES allow Windows Updates to run - even on un-genuine systems."

        Security updates only, up to and including Windows 7:

        "Microsoft: Pirated Windows 7 Will Still Get Updates"
        http://www.tomshardware.com/news/windows-pirate-bootleg-security-patches,7666.html

        However, this doesn't mean that individuals using pirated copies of Windows actually apply the security patches. I would suspect that many are (rightly) scared to do so.

        P.S. It amuses me greatly that so many users prefer pirated Microsoft software to open-source software. The last I checked, pirated versions of Windows from a market share perspective exceeded both Mac OS X and desktop Linux market share combined.
        Rabid Howler Monkey
      • More amusement

        @RHM
        [i]However, this doesn't mean that individuals using pirated copies of Windows actually apply the security patches. I would suspect that many are (rightly) scared to do so.[/i]

        You mean, are ([s]rightly[/s] wrongly) [s]scared[/s] ignorant to do so. It's one thing to be a garden-variety, holes in pocket, pleb pirate; it's another to be a hopelessly ignorant one, without as much as noob 101 skills or smarts. *burp*

        [i]The last I checked, pirated versions of Windows from a market share perspective exceeded both Mac OS X and desktop Linux market share combined. [/i]

        One country alone can account for that statistic, you don't even need to factor in the other 200 or so nations that comprise Mother Earth. That country is China. Communist China, now reclassified as 14 karat gold China. Of course none other than mighty Microsoft ensured it would [s]rightly[/s] wrongly be that way:

        [i]"[A]s long as they're going to steal it, we want them to steal ours. They'll get sort of addicted, and then we'll somehow figure out how to collect in the next decade." [/i]
        ~ Attaboy Bill Gates [referencing software piracy in China from 1998 speech]

        Well as we know that decade has since passed, and they're still trying to figure out how to tighten those rickety red screws. :x
        klumper
      • Not that they aren't, er, trying

        Latest from the eastern front: 01.10.2012
        [b]Microsoft alleges piracy in China lawsuits[/b]
        http://tinyurl. com/7hzvkym [remove space]
        klumper
      • RE: More amusement

        @klumper wrote:
        "You mean, are (rightly wrongly) scared ignorant to do so. It's one thing to be a garden-variety, holes in pocket, pleb pirate; it's another to be a hopelessly ignorant one, without as much as noob 101 skills or smarts. *burp*"

        Nope. I meant exactly what I wrote. If I were using pirated Microsoft software, I would be scared to apply security updates because I would expect Microsoft to aggressively gather as much intelligence as possible on the pirates. And subsequently use that intelligence to shut the pirates down.

        At my skill level, I would either dual-boot pirated Windows with desktop Linux (or BSD) or I would run Windows as a guest OS using the free VirtualBox software, with snapshots, on top of a desktop Linux host OS. Alternatively, I might install free system virtualization software such as Returnil or [get this!] Microsoft's Windows SteadyState so that I could simply reboot to restore. I would in any case, however, run in Windows as a limited or standard user. In addition, I would install and employ free application virtualization software such as BufferZone Pro. Finally, I wouldn't apply Windows security updates through automatic updates to pirated Windows. Period.

        As far as being 'hopelessly ignorant', those users running licensed versions of Windows that fail to apply security updates certainly fall into this category.
        Rabid Howler Monkey
      • Understandable, or unforgivable?

        @RHM
        [i]If I were using pirated Microsoft software, I would be scared to apply security updates because I would expect Microsoft to aggressively gather as much intelligence as possible on the pirates. [/i]

        Considering MS has pretty much always - albeit reluctantly - given a green light on security patches to even the pirate community via automatic or manual means, and for no other reason than to improve the overall WWW/computing ecosystem for all by reducing the number of potential target machines, and thus reining in the spread of malware via cross contamination, botnets, etc.

        I say hopelessly ignorant because one that fumbles with keygens, merge keys, retooled cores, exe subs, kill switches and other end-around "fixes" really should have enough puter sense to have gotten hip to the extent and reach of Microsoft's punitive and intelligence gathering arm by this point in time.

        Hard to believe one could learn the ropes on one end of the "fixing" equation, but not the other. More so when MS is gifting them additional enhancements. Alas, not all pirates are (obviously) created equal.

        :O *Hopelessly =|= ignorant* :| indeed
        klumper
      • RE: Understandable, or unforgivable?

        @klumper The rationale I posted for using desktop Linux (or BSD) along with a pirated Windows OS needs a bit more explanation. I would not consider pirated Windows to be a trusted OS, even with security updates from Microsoft and a good free anti-virus product which together constitute the conventional approach to security taken by most users. The OS is tainted from the get-go. There's no way that I would use pirated Windows for sensitive online activities such as online banking and commerce. Or even for more mundane activities such as Facebook, IM or email. I, personally, would disable networking on a pirated Windows OS. That's what the Linux (or BSD) desktop would be for. Now, this might work in the U.S. or much of Europe where most web sites are developed for open standards. But, what of China, where as you noted above there are more pirated versions of Windows, mostly Windows XP, than any other country on the planet?

        China is currently locked into Windows XP, Internet Explorer 6 and ActiveX controls used by many Chinese web sites. Would updating to Internet Explorer 8 even make a difference? I say not much because with Windows XP, one must be the Administrator to install ActiveX controls. Thus, I would presume that most users in China are running Windows XP as Admin so that they can easily install/update ActiveX controls when needed. The combination of Windows XP SP1/2/3 (take your pick), Internet Explorer 6/7/8 (again, take your pick), ActiveX and running as Admin is game over for most of these users whether one is applying Microsoft's security patches to the OS or not. All it takes is one malicious ActiveX control of which there are many in China.

        While desktop Linux (or BSD) would be much safer, this option is pretty much useless as a standalone system in China because of the high dependence on XP, IE and ActiveX. Even if those Chinese users running pirated Windows only used it for online banking and commerce sites, they would still likely get nailed by malware miscreants breaking into these 'trusted' web sites and either serving malware directly or redirecting the users to sites that serve malware.

        Just curious, do you run your Windows XP systems for day-to-day use as the Administrator? If so, is Internet Explorer your default web browser? And do you install ActiveX controls when a web site requests that you do so because, well, they pretty much all do?

        With regard to not all pirates being created equal, my Windows systems are all legitimate and fully up-to-date with Microsoft's security patches. I even have two Windows Vista Home Premium licenses, a 32-bit retail and a 64-bit OEM, that are not even installed. The first was purchased at a local retail store (I still have the receipt) and the second has the 25-digit license code stuck on the bottom of the laptop it came with (it's currently running Linux). And as for virtualization, I run my Linux VMs on top of my Windows systems. I've no need to isolate my legitimate Windows OSs.
        Rabid Howler Monkey
      • Agree in general, but with one key exception

        @RHM
        [i]I would not consider pirated Windows to be a trusted OS, even with security updates from Microsoft and a good free anti-virus product...[/i]

        Using a "fixed" copy of Windows is inherently risky, that's a given. However updating to the latest service pack and browser is always smart, along with timely security patching. Toss in basic, safe computing practices and a modicum of knowledge, and one can be relatively secure on XP even this late into the game. Things in that regard changed dramatically with the release of SP2.

        Truth is, XP can be used as a daily and even in admin running network shares (caveat: standard account would be better). One of my units runs as such and has for years, and believe it or not, without A-V. It's wired to the net 24/7 pulling data thru broadband pipes behind a solid router and firewall, while everything stated above is firmly in place. I'm typing on it as we speak. ;)

        Where the great 90%ers - novices and freeloaders - screw up is with the last part of the security equation more than any other -- practicing safe computing. That stems from ignorance and a lack of discipline, in roughly equal parts. The same tripwire that plagues us all in life to one extent or another, sooner or later.

        But in the realm of computing and interfacing, it's a make or break proposition. It mostly boils down to PEBCAK, now as in the past. In regards to Linux, trust me if one can't keep a relatively straight-forward WinOS machine maintained and patched, they're that much further removed from getting on top of the Linux curve. It's a shame too.

        PS. Though using pirate and scene "fixed" software always entails a certain degree of risk, far greater numbers are compromised from PEBCAK, truth be known. Slipshod computing practices are the dearth of progress on the security front. What is saddest is it doesn't really take much to get there, and from both sides of the equation (compromise -VS- protection).
        klumper
  • RE: Report: Conficker and AutoRun infections proliferating

    As soon as you thought it was safe.
    Return_of_the_jedi
    • my system is safe

      @Return_of_the_jedi
      It's always up to date, nothing to worry about.
      John Zern
      • my system is safe - fixed

        @John Zern
        It's always up to date, less to worry about. ;)
        klumper
      • Nothing to worry about?

        Autorun (a bizarre decision) wasn't an issue pre Feb-2011.

        No other attack vectors available on updated Windows (or any other OS)?
        Richard Flude
      • RE: Report: Conficker and AutoRun infections proliferating

        @Richard Flude
        Convenience for the user versus security ... always a bit of a conflict. This is the same 'decision' that Apple applied to OSX and the default setting of 'Open "safe" files after downloading' that allowed the trojan MAC Defender to 'install' without requesting privilege. Not much different than the autorun MS used BEFORE the exploits became mainstream. Most Windows XP machines were, just like single user MACs, set up to not require a password to run the installer.
        20/20 hindsight is always pretty good huh?
        whatagenda
      • Neither required hindsight

        Open safe files is a terrible setting and one that I've always disabled. It was obvious this would be used for a successful exploit.

        Autorun, as are ActiveX and macros within documents, are all stupid decisions and have obvious security implications, none requiring any hindsight at all, let alone 20/20.
        Richard Flude
  • RE: Report: Conficker and AutoRun infections proliferating

    Lol, it's funny how dumb some pirates can be; others, like those in my neighbourhood, have Windows Se7en Ultimate running exactly like a legal copy, but guess what it actually is ;)
    MrElectrifyer