It's that time of year when everyone wants a top ten: the top ten most stupid remarks made by celebrities, the ten worst-dressed French poodles, the ten most embarrassing political speeches, and so on. Our research team came up with a few rather more serious ideas, most of which are considered at some length in our about-to-be-published Annual Global Threat report and November Threatsense report, but we thought it might be nice to post some of the information in one or two of those top ten lists here for those who may find the length of the full reports a little daunting, as well as a taster for those who don't. Rather than simply reproduce those lists, we'll consider individual items at more length over the next few days.
Perhaps one of the more useful ideas that was tossed around was a top ten of things that people can do to protect themselves against malicious activity. This is the item that we pretty much all agreed should be top of the list.
Disable Autorun in Windows: this facility is consistently exploited by the class of malware ESET detects as INF/Autorun, among other threats. We've been considering this issue in detail for quite a while, now: for instance, in Randy Abrams' blog here. That class of malware has been consistently at or near the top of our monthly worldwide top ten reported threats as long as I've been tracking them. Don't assume, though, that that single precaution will save you from every example of that type of threat. Most malware uses more than one technique to infect targeted systems.
More later.
David Harley
Director of Malware Intelligence