Deceptive downloads were the dominant deceptive technique used by cybercriminals worldwide for malicious purposes during the second half of 2013, according to the 16th edition of Microsoft’s Security Intelligence Report (SIR).
The SIR provides an in-depth perspective on malicious and potentially unwanted software, software exploits, security breaches and software vulnerabilities in both Microsoft and third-party software.
Utilized in 95% of the 110 countries where the study was conducted, deceptive downloads are malware bundled with legitimate downloadable content such as software, music or videos. The impact of this deception is not immediately seen, as infected machines often continue to function. However, the malware’s deceptive operations can damage an individual’s online reputation over time.
Tim Rains, Director of Trustworthy Computing at Microsoft Corporation, said that computers that had to be disinfected worldwide as a result of deceptive tactics more than tripled in the last quarter of 2013. “There is a big increase in malware that is loaded with downloads,” he said.
To measure the prevalence of malware, Microsoft uses two metrics. The encounter rate is the percentage of computers running Microsoft real-time security products that report a malware encounter, whether the infection attempt succeeds or not. The infection rate is the number of computers cleaned for every 1,000 unique computers executing the Malicious Software Removal Tool (MSRT), a free tool distributed through Microsoft update services that removes more highly prevalent or serious threats from computers.
Malware encounter cases are much more common than malware infections, both in the Philippines and worldwide. The report says that in the Philippines, 46.3% of computers encountered malware in the fourth quarter of 2013 as compared with the detection and removal of malware from 32.1 of every 1,000 unique computers scanned by the MSRT. Worldwide, the encounter rate for the fourth quarter was 21.6% as against the infection rate of 17.8% for the same quarter.
The encounter rate increased slightly both in the Philippines and worldwide. In the Philippines, it rose from 43.9% in the third quarter of 2013 to 46.3% in the fourth quarter. Worldwide, the encounter rate also grew from 20.2% in the third quarter to 21.6%. On the other hand, infection rates in the Philippines rose sharply from the third quarter’s 17.3% to 32.1% in the fourth quarter, while infection rates globally grew significantly to 17.8% in the fourth quarter from 5.6% in the previous quarter.
By the encounter rate metric, the most common threat category in the Philippines in the fourth quarter of 2013 was Worms. This malware was encountered by 23.9% of all reporting computers, down from 29.6% in the third quarter last year. In this category, Gamarue was the most prevalent threat, affecting 14.3% of reporting computers in the fourth quarter. Gamarue is a worm that is commonly distributed via exploit kits and social engineering.
The second most common threat category was Miscellaneous Trojans, which was encountered by 18.4% of all computers, down from 21.4% in the third quarter, with Obfuscado as the most widespread, infecting 4.1% of all computers.
Encountered by 18.3% of all computers, Trojan Downloaders and Droppers became the third most commonly encountered threat category in the fourth quarter, led by Rotbrow, which affected 12.5% of all computers included in the study. Rotbrow is a Trojan that installs browser add-ons that claim to offer protection from other add-ons.
Other common threats encountered in the Philippines in the last quarter were VBS/Jenxcus, a worm that gives an attacker control of the computer, which affected 7.3% of all reporting computers; and Brantall, a Trojan that often pretends to be an installer for other legitimate programs, which affected 5.8% of computers.
Based on infection rate, the report revealed that the most common threat infecting computers in the Philippines during the last quarter was Rotbrow, which was detected and removed from 19.1 of every 1,000 unique computers scanned. Gamarue, which was detected and removed from 6.8 of every 1,000 unique computers scanned, was the second most prevalent threat affecting computers. The third was Sefnit, which infected 2.8 of every 1,000 unique computers. Sefnit is a Trojan that can allow backdoor access, download files, and use the computer and Internet connection for click fraud.
Another deceptive practice that continues to affect users globally is ransomware, malware designed to render a computer or files unusable until the user pays a certain amount of money to the attacker or takes other actions. Globally, the amount of ransomware threats encountered increased by 45% between the first and the second half of 2013. The outlook, however, is good for the Philippines, as Rains said, “We don’t see a lot of ransomware in the Philippines.”
Cybercriminals also use Web sites to conduct phishing attacks or distribute malware. According to Microsoft, the Philippines was below the worldwide average in terms of phishing sites per 1,000 hosts. For the fourth quarter of 2013, the Philippines got an average of 2.74% while the worldwide average reached 5.48%. In contrast, the Philippines’ average of 21.90% in terms of malware hosting sites per 1,000 hosts in the fourth quarter was higher than the global average of 18.41%.
Rains said that malware and other threats do not affect only computers; they can be seen in, and affect, mobile phones too. “Phishing is the number one threat in mobile phones,” he said.
Microsoft advised customers to take the necessary actions to help protect themselves, such as using newer software, downloading content from trusted vendors, running up-to-date antivirus, thinking before clicking, and backing up files.
“Keeping cybercriminals on the run requires a robust security strategy,” said Rains. “The safest houses don’t just have locked doors, they have well-lit entry points and advanced security systems. It’s the same with computer security – the more we layer our defenses the better we are at thwarting attacks.”