We’ve just finished working on our monthly Threat Report. There aren’t many surprises in the top ten threats for June.

Conficker has taken over the "top spot", relegating INF/Autorun to second place. It’s difficult to say for sure what the significance is, given the relatively small percentage point involved: minor fluctuations in proportions from month to month can be ascribed to factors other than overall upward or downward trends. ThreatSense.Net® doesn’t distinguish between sources: it simply reports when it detects a Conficker infection attempt over any vector (network shares, USB etc).

As we’ve pointed out previously, the real story with Conficker is less the actual malware than the number of people who still aren’t taking elementary precautions such as timely patching and disabling Autorun, properly securing network shares and so on. I would guess that right now, the continuing prominence of Conficker in the ratings is due to lots of machines, mainly home machines or botnetted business machines, that are never patched or properly protected by AV, often because the owner doesn’t bother with all that, or maybe sometimes because of a longstanding infection that’s blocking patches and updates and has never been noticed.

Rather more notable, perhaps is the entry of Win32/TrojanDownloader.Bredolab.AA into the top ten at number 10. I feel like a DJ when I make a statement like that… (but where will I get one at this time of the afternoon?)

Continued @ ESET Threat Center Blog