Skip nav

AutoRun growing as an infection vector

Latest detection statistics from ESET

Bournemouth, UK (4th March 2008) - ESET announced today that for the third consecutive month INF/Autorun, a generic detection for malware that uses the Windows Autorun facility to infect machines, was the number one detected threat in February according to ESET’s ThreatSense.Net statistical reporting.

The AutoRun facility allows programs on removable media such as CDs, DVDs and USB memory sticks to run automatically when the media is present. Although very convenient for installing legitimate programs, it is now frequently used as an infection vector that many security experts, including ESET, recommend that users disable the functionality.

"Trojans using Autorun to infect computers is one of the more common threats that we have been seeing for several months now. In fact, this is one of the tricks the infamous Mocmex "digital photo frame" malware uses," comments David Harley, of ESET's Research team. "Turning off the Autorun feature reduces the risk of infection, but as with any portable storage media, users should ensure that USB devices are scanned when they're opened, to make sure nothing malicious is lurking there."

Highlighted in this month’s report is the adware family, Win32/Adware.Virtumonde (Vundo), which is frequently amongst the top five threats of ESET’s ThreatSense.Net data. Bot herders are paid to install it on compromised machines, where it then directs the compromised machine to sites used as proxies for advertisements at addresses stored locally in the System32 folder. Virtumonde is not self-replicating, but is widely disseminated and can be very difficult and time-consuming to remove if it does manage to get itself installed.

Top 10 Threats for February 2008

1 INF/Autorun – 9.43%
2 Win32/Adware.SearchAid – 8.05%
3 WIN32/Toolbar.MyWebSearch – 3.11%
4 Win32/Adware.Virtumonde – 2.09%
5 Win32/Adware.Virtumonde.FP – 1.69%
6 Win32/Pacex.Gen – 1.65%
7 Win32/Agent 1.53%
8 WIN32/Obfuscated.A1 – 1.33%
9 Win32/IRCBot.AAH – 1.17%
10 Win32/PSW.OnLineGames.NLI– 1.15%


About ThreatSense.Net

ThreatSense.Net includes data about all types of threats seen attacking user systems. This (anonymised) statistical information is collected from those users of ESET security software who choose to enable the reporting service in the product and gives a comprehensive view of the behaviour and spread of malware in the real world. Data is currently collected from more than 10 million systems.

About ESET

ESET develops software solutions that deliver comprehensive protection against evolving computer security threats. ESET pioneered and continues to lead the industry in proactive threat detection. ESET NOD32 Antivirus, its flagship product, consistently achieves the highest accolades in all types of comparative testing and is the foundational product that extends the ESET product line to include ESET Smart Security. Both products have an extremely efficient code base that eliminates the unnecessary large size found in some solutions. This means faster scanning that doesn’t slow down computers or networks.
Sold in more than 110 countries, ESET has worldwide production headquarters in Bratislava, SK and worldwide distribution headquarters in San Diego, U.S. ESET also has offices in UK, Argentina and Czech Republic and is globally represented by an extensive partner network. For more information, visit or call 0845 838 0832.

PR Contact:

Sara Claridge
Marylebone Media Relations
+44 (0) 20 8133 5572
+44 (0) 7968 626838 (mobile)