If we needed any further reminders, new data has shown that malware which exploits the Windows Autorun vulnerability accounts for more than 35% of the top 10 global infections so far this year.  This is more than double the proportion found in the second half of 2008.

The key findings from Microsoft’s Security Intelligence Report Version 7 show that the Conficker worm, along with a Trojan called Taterf which steals passwords and license keys for popular computer games, were detected on 5.21 million and 4.91 million Windows computers respectively. 

Taterf is notable in that it spreads only via Autorun, and of course Autorun is one of the vectors by which Conficker can spread. 

While our Cruzer Enterprise secure flash drives with onboard McAfee antivirus scanning are able to stop this kind of malware spreading via USB, it’s worth remembering that many other types of portable storage devices are also vulnerable to AutoRun malware.  This includes mp3 players, digital cameras and even digital picture frames. 

We suggest being cautious in allowing any unauthorised devices to be used on the corporate network, and ensuring that antivirus software and software patches are kept fully up to date.

Earlier this year we posted on this blog about the continued rise of malware that exploits the Windows AutoRun feature to replicate onto removable media, such as USB thumb drives.  As we saw just a couple of weeks ago, a UK local government body suffered significant problems and incurred high costs as a result of a Conficker infection, which uses this exploit.

Of course, our Cruzer Enterprise flash drives with onboard McAfee antivirus scanning are able to stop this kind of malware spreading via USB, because they will quarantine and destroy the malware if copied onto the drive. 

But it’s also worth a reminder that that many other types of portable storage devices are also vulnerable to AutoRun malware.  This includes mp3 players, digital cameras and even digital picture frames.  While disabling Windows AutoRun is possible, it’s also inconvenient for users to manually launch a portable device or program they may need. 

We would suggest exercising extreme caution in allowing any unauthorised devices to be used on the corporate network, and ensuring that antivirus software and software patches are kept fully up to date.  These measures will help to minimise any risks.

Our anti-virus partner McAfee has released its Q2 Threats Report (PDF at link), and like the company’s Q1 report from earlier this year, it is sobering reading. 

The report says that spam volumes have increased by 140% since March, driven by major growth in botnet activity.  14 million new computers became parts of botnets in Q2 (that’s more than 150,000 per day), an increase of 16% over the previous quarter.

McAfee also reported growth in password-stealing Trojans, which is more proof that making money from illegal activity on the Internet is now a focus for criminal gangs.

The company also reported a surge in so-called Auto-Run malware, which exploits Windows’ Auto-Run capabilities and is most commonly spread via USB and portable devices.  As you’ll know, our Cruzer Enterprise with onboard McAfee AV can prevent the spread of malware via this vector, helping to protect corporate networks against this fast-emerging threat.

The UK Government is making giant strides in tightening up data security, and in public disclosure of security breaches, following the high-profile losses from public bodies over the past 18 months. 

The issue is being policed strongly.  This week, the Government’s Information Commissioner issued further warnings to a number of National Health Service bodies about the importance of protecting data, with instructions for them to adhere to the UK Data Protection Act.

Five healthcare bodies were found to have breached regulations, ranging from stolen laptops, lost CDs and lost USB flash drives.  All were unencrypted and all contained potentially sensitive patient data.

It’s good news that data protection and corporate governance is being enforced at this level.  With the right combination of policies and products, everyone’s data can be kept a little safer.

We often see newsflashes telling us about the latest data breach, caused by a lost thumb drive or stolen laptop.  But what happens after the initial loss?  What are the ramifications and the fall-out?

This article shows what happened after a loss of very sensitive data in August 2008, when an employee of IT contractor PA Consulting lost a USB flash drive with the details of all the UK’s 84,000 prisoners.

The contractor was working for the UK Government’s Home Office and human error led to the stick and the unencrypted data being misplaced.  The employee immediately told supervisors, who then told the UK Ministry of Justice (MoJ) and the Home Office.  Although police were brought in to search the offices and the employee’s home and car for the missing memory stick, it was never found.

The unhappy result was, the contractor lost its contract, and the employee’s and line managers’ jobs were lost too.  Home Office staff are now advised not to use flash drives.  All for a single data loss. 

The fact is, it’s impossible to stop devices getting lost or stolen.  But the risk can be mitigated – and the extensive, unpleasant fall-out stopped – by enforcing encryption on these devices.

After several years when the malware threat was steadily diminishing, the latest quarterly threat report from our anti-virus partner McAfee shows that it’s on the rise again. 

Zombie computers, which are controlled remotely by spam botnets, grew by about 12 million PCs in the first quarter - a 50% increase since the last quarter of 2008, McAfee said.  This also exceeds the previous record by 1 million.

And while the much-discussed Conficker worm has yet to reveal a malicious payload or real threat following its rapid spread earlier this year, it is a sign of things to come, said the report.  AutoRun-based malware, which can use USB drives to spread to new PCs, was seen in far greater numbers than Conficker in Q1 2009 this quarter.

So it’s wise to use secure USB drives like our Cruzer Enterprise, that features onboard, integrated anti-virus scanning, to stop Auto-run malware spreading this way.

The number of malware attacks rose by more than 200% in 2008, according to the latest EMEA Internet Security Threat Report from security vendor, Symantec.

During the course of the year, the company reported over 1.6 million new threats, making 2008 one of the worst ever in the anti-virus sector.  Trojan horses were the most common form of malware, accounting for 66% of the top potential infections in EMEA, as malware authors attempted to steal financial and other confidential data.

And one of the key attack vectors that the company warns will be used increasingly in 2009 and 2010 is USB memory sticks and other USB storage devices.  This follows the recent Conficker outbreak, which successfully exploited USB media to spread itself.  Malware experts agree that further worms will be found that can use USB drives to infect PCs and networks.

Yet again, the message is clear:  ensure your USB thumb drives are secured against malware risks.  Or use secure flash drives with onboard antivirus scanning, such as our Cruzer Enterprise drives, to stop USB-borne infections in their tracks.