Microsoft: One in 14 downloads is malicious

Discussion in 'The Water Cooler' started by reghakr, May 18, 2011.

  1. reghakr

    reghakr Excellent Member

    Joined:
    Jan 26, 2009
    Messages:
    14,220
    Likes Received:
    180
    IDG News Service - The next time a website says to download new software to view a movie or fix a problem, think twice. There's a pretty good chance that the program is malicious.

    In fact, about one out of every 14 programs downloaded by Windows users turns out to be malicious, Microsoft said Tuesday. And even though Microsoft has a feature in its Internet Explorer browser designed to steer users away from unknown and potentially untrustworthy software, about 5 percent of users ignore the warnings and download malicious Trojan horse programs anyway.

    Five years ago, it was pretty easy for criminals to sneak their code onto computers. There were plenty of browser bugs, and many users weren't very good at patching. But since then, the cat-and-mouse game of Internet security has evolved: Browsers have become more secure, and software makers can quickly and automatically push out patches when there's a known problem.

    So increasingly, instead of hacking the browsers themselves, the bad guys try to hack the people using them. It's called social engineering, and it's a big problem these days. "The attackers have figured out that it's not that hard to get users to download Trojans," said Alex Stamos, a founding partner with Isec Partners, a security consultancy that's often called in to clean up the mess after companies have been hacked.

    Social engineering is how the Koobface virus spreads on Facebook. Users get a message from a friend telling them to go and view a video. When they click on the link, they're then told that they need to download some sort of video playing software in order to watch. That software is actually a malicious program.

    Social-engineering hackers also try to infect victims by hacking into Web pages and popping up fake antivirus warnings designed to look like messages from the operating system. Download these and you're infected. The criminals also use spam to send Trojans, and they will trick search engines into linking to malicious websites that look like they have interesting stories or video about hot news such as the royal wedding or the death of Osama bin Laden.

    "The attackers are very opportunistic, and they latch onto any event that might be used to lure people," said Joshua Talbot, a manager with Symantec Security Response. When Symantec tracked the 50 most common malicious programs last year, it found that 56 percent of all attacks included Trojan horse programs.

    In enterprises, a social-engineering technique called spearphishing is a serious problem. In spearphishing, the criminals take the time to figure out who they're attacking, and then they create a specially crafted program or a maliciously encoded document that the victim is likely to want to open -- materials from a conference they've attended or a planning document from an organization that they do business with.

    With its new SmartScreen Filter Application Reputation screening, introduced in IE 9, Internet Explorer provides a first line of defense against Trojan horse programs, including Trojans sent in spearphishing attacks.

    IE also warns users when they're being tricked into visiting malicious websites, another way that social-engineering hackers can infect computer users. In the past two years, IE's SmartScreen has blocked more than 1.5 billion Web and download attacks, according to Jeb Haber, program manager lead for SmartScreen.

    Haber agreed that better browser protection is pushing the criminals into social engineering, especially over the past two years. "You're just seeing an explosion in direct attacks on users with social engineering," he said. "We were really surprised by the volumes. The volumes have been crazy."

    When the SmartScreen warning pops up to tell users that they're about to run a potentially harmful program, the odds are between 25 percent and 70 percent that the program will actually be malicious, Haber said. A typical user will only see a couple of these warnings each year, so it's best to take them very seriously.

    Source: Microsoft: One in 14 downloads is malicious - Computerworld
     
  2. reghakr

    reghakr Excellent Member

    Joined:
    Jan 26, 2009
    Messages:
    14,220
    Likes Received:
    180
    Microsoft has warned that one in every 14 programs you can download will be malware.

    Writing in his blog, Volish SmartScreen program manager Jeb Haber said that feedback from Microsoft's Internet Exploder showed that one in every 14 programs downloaded turned out to be malicious code.

    Haber said that social-engineering attacks, like tricking a user into running a malicious program, were more common than attacks on security vulnerabilities.

    He said that Vole's "SmartScreen" technology has blocked more than 1.5 billion attempts to slip malware into computers since IE8 was released in 2009.

    According to Haber, user-downloaded malware is a huge problem and is getting bigger.

    IE9 checks the reputations of websites and their creators to let internet users know when they are dealing with unknown sites. Its theory is that people should be cautious about buying something online from a complete stranger.

    The idea is reputation software helps protect users from newly released malware programs which pretend to be legitimate software.

    However, generally, social engineering techniques appear to be successful and trick a large number of people into downloading bogus software.

    Read more: One in 14 downloads is malicious - Microsoft warns | TechEye
     

Share This Page

Loading...