Portable media is growing security threat

gallery

The latest malware detection statistics compiled by a number of IT security firms suggest portable media devices are being increasingly used to bypass enterprise security measures.

ESET's ThreatSense.Net detection report found that, for a third consecutive month, Trojan Ani.Gen with nearly four per cent of detections, remains the number one threat during June, as observed by ESET's ThreatSense.Net statistical reporting.

However, it was the rise of other threats such as Rjump.A into third place and INF/Autorun into fifth, which exploit the wide use of portable storage media, led ESET to state that this "shows this is increasingly a focus of attack for malware writers".

Win32/Rjump.A accounted for 2.26 per cent of all threats detected last month, jumping from fifth place in May to third in June. Rjump is a backdoor trojan that is able to propagate as a worm making copies of itself in external devices, like pen drives and memory sticks.

INF/Autorun went straight in at fifth place and is used by ESET to describe a variety of malware that use the autorun.inf file, which contains information on programmes to run automatically when media is inserted into a computer.

Paul Brook, UK managing director of ESET said: "Despite the fact that web based threats still make up the majority of the top ten threats detected during June, the growing popularity of portable storage devices has not gone unnoticed by malware writers," comments. "USB might have helped the device and gadget markets explode, but in doing so it has also provided easy pickings for malware writers to attack using multiple vectors."

IT security and control firm Sophos also warned of the INF/Autorun family of worms that is spreading by copying itself onto removable drives.

It highlighted the SillyFD-AA worm, which hunts for removable drives such as floppy disks and USB memory sticks, and then creates a hidden autorun.inf file to ensure a copy of the worm is run the next time it is plugged into a Windows PC. It also changes the title of Internet Explorer windows to append the phrase "Hacked by 1BYTE".

Sophos experts said that as more and more businesses now have strong defences in place to protect against email-aware viruses and malware, hackers are increasingly looking for other less well defended routes, including portable or removable devices, to infect innocent users.

"With a significant rise in financially motivated malware, it could be an obvious backdoor into a company for criminals bent on targeting a specific business with their malicious code" said Graham Cluley, senior technology consultant for Sophos.

Top 10 Threats for June 2007

1 Win32/TrojanDownloader.Ani.Gen - 3.95 per cent

2 Win32/BHO.G- 2.41 per cent

3 Win32/Rjump.A - 2.26 per cent

4 Win32/Spy.VBStat.J - 1.99 per cent

5 INF/Autorun - 1.83 per cent

6 Win32/Pacex.Gen - 1.56 per cent

7 Win32/Adware.Virtumonde - 1.47 per cent

8 Win32/Netsky.Q - 1.22 per cent

9 Win32/PSW.QQRob - 1.00 per cent

10 Win32/Rootkit.Vanti.EE - 0.88 per cent

Source: ESET

Email to a friend

Print this page