Top 10 Malware Threats To Microsoft PCs
10:00 AM EST Tue. Apr. 23, 2013
Microsoft has classified individual threats into threat categories in Volume 14 of the Microsoft Security Intelligence Report. The report covers July through December 2012 and analyzes data collected from more than a billion Microsoft computers. The firm said seven out of the top 10 threats affecting enterprises that it categorized were delivered through websites. Although Microsoft breaks down the threats into categories, the company points out that most attacks are multipronged, leaving a generous amount of overlap.
Spyware accounted for 0.2 percent of all malware detections in the fourth quarter of 2012. A program is labeled spyware if it collects information on victims, such as Web browsing habits, without their consent. Spyware is often detected in China, where pirated software is common. "Although Spyware was the least prevalent category in China, it was more than six times as prevalent there as in the world overall," Microsoft said.
Backdoor Trojans are used by cybercriminals to infect computers and control them as part of a botnet of infected machines. Dorkbot, an increasingly detected worm that spreads through removable drives, has a backdoor component, Microsoft said. The Ramnit Trojan, which has been detected stealing FTP credentials, also has backdoor functionality. Typically the malware infection attempts to contact a remote command-and-control server for instructions from the attacker or to download additional malware.
Banking Trojans and, more specifically, the detection of the Zeus Trojan family of banking malware drove the threat category. Zeus is sold as an automated attack toolkit. The Trojan can be distributed through spam messages or compromised websites. Zeus, also called Zbot, made up 3.7 percent of all detections on computer networks, according to Microsoft. Password stealers often work in conjunction with other malware components, such as keyloggers, designed to record keystrokes.
Viruses are programs that infect other files in a computer. They are sometimes used by cybercriminals to turn off system processes, including antivirus and other security programs. Microsoft said it detected a high number of infections of the Sality virus, which targets Windows executable files, delivering damaging malware that deletes files and cripples normal system functions.
Trojan downloaders and droppers made up 10.4 percent of detections in the fourth quarter of 2012. The activity was driven by infections of Swisyn, a family of Trojans that drops and executes malicious code on a victim's machine. Swisyn has been connected to keyloggers, worms and other malware types that attempt to record keystrokes, steal data and gain access to network drives and other systems.
The Black Hole automated attack toolkit helped drive exploits into fifth place on Microsoft's list of threats. Attackers typically rent out the toolkit in hacking forums under a subscription model. The toolkit provides the cybercriminal with a number of exploits that attempt to target vulnerabilities in applications such as Oracle Java, Sun Java, Adobe Acrobat and Adobe Reader. Microsoft said it also detected a high number of malicious .PDF files that execute when opened and attempt to exploit Adobe Acrobat and Reader vulnerabilities.
Detections of Dorkbot helped drive worms into fourth place. Dorkbot is one of a slew of IRC-based worms that spread through USB sticks and other removable drives. The malware can also spread through instant messaging programs and social networks, Microsoft said. The Conficker worm continues to fuel most of the activity in this category and remains the second most commonly detected family on computers joined on the same network.
Increased detections of Hotbar drove adware threats into third place in the fourth quarter of 2012. Hotbar is a toolbar that monitors a victim's browsing behavior and develops targeted pop-up ads based on visited sites and search activity. The toolbar targets users of Internet Explorer and Firefox. Another adware program called DealPly displays offers related to the victim's browsing habits and is sometimes bundled with third-party software installation programs, Microsoft said.
Microsoft said the potentially unwanted software threat category was driven by increased reports of product key generators. The Keygen tool generates keys for software products and is used to run pirated software, but Microsoft said it is common to find additional malware on the same systems. Tools used to obfuscate malware through encryption and compression to avoid detection by antivirus were also commonly detected by Microsoft.