Top 10 Malware Threats To Microsoft PCs

Most Malware Attacks Delivered Via Websites

Microsoft has classified individual threats into threat categories in Volume 14 of the Microsoft Security Intelligence Report. The report covers July through December 2012 and analyzes data collected from more than a billion Microsoft computers. The firm said seven out of the top 10 threats affecting enterprises that it categorized were delivered through websites. Although Microsoft breaks down the threats into categories, the company points out that most attacks are multipronged, leaving a generous amount of overlap.

10. Spyware

Spyware accounted for 0.2 percent of all malware detections in the fourth quarter of 2012. A program is labeled spyware if it collects information on victims without their consent, such as Web browsing habits. Spyware is often detected in China where pirated software is common. "Although Spyware was the least prevalent category in China, it was more than six times as prevalent there as in the world overall," Microsoft said.

9. Backdoors

Backdoor Trojans are used by cybercriminals to infect computers and control them as part of a botnet of infected machines. Dorkbot, an increasingly detected worm that spreads through removable drives, has a backdoor component, Microsoft said. The Ramnit Trojan, which has been detected stealing FTP credentials, also has backdoor functionality. Typically the malware infection attempts to contact a remote command-and-control server for instructions from the attacker or to download additional malware.

8. Password Stealers And Monitoring Tools

Banking Trojans and, more specifically, the detection of the Zeus Trojan family of banking malware drove the threat category. Zeus is sold as an automated attack toolkit. The Trojan can be distributed through spam messages or compromised websites. Zeus, also called Zbot, made up 3.7 percent of all detections on computer networks, according to Microsoft. Password stealers often work in conjunction with other malware components, such as keyloggers, designed to record keystrokes.

7. Viruses

Viruses are programs that infect other files in a computer. They are sometimes used by cybercriminals to turn off system processes, including antivirus and other security programs. Microsoft said it detected a high amount of infections of the Sality virus, which targets Windows executable files, delivering damaging malware that deletes files and cripples the normal system functions.

6. Trojan Downloaders And Droppers

Trojan downloaders and droppers made up 10.4 percent of detections in the fourth quarter of 2012. The activity was driven by infections of Swisyn, a family of Trojans that drops and executes malicious code on a victim's machine. Swisyn has been connected to keyloggers, worms and other malware types that attempt to record keystrokes, steal data and gain access to network drives and other systems.

5. Exploits

The Black Hole automated attack toolkit helped drive exploits into fifth place on Microsoft's list of threats. Attackers typically rent out the toolkit in hacking forums under a subscription model. The toolkit provides the cybercriminal with a number of exploits that attempt to target vulnerabilities in applications such as Oracle Java, Sun Java, Adobe Acrobat and Adobe Reader. Microsoft said it also detected a high number of malicious .PDF files that execute when opened and attempt to exploit Adobe Acrobat and Reader vulnerabilities.

4. Worms

Detections of Dorkbot helped drive worms into fourth place. Dorkbot is one of a slew of IRC-based worms that spread through USB sticks and other removable drives. The malware can also spread through instant messaging programs and social networks, Microsoft said. The Conficker worm continues to fuel most of the activity in this category and remains the second most commonly detected family on computers joined on the same network.

3. Adware

Increased detections of Hotbar drove adware threats into third place in the fourth quarter of 2012. Hotbar is a toolbar that monitor's a victim's browsing behavior and develops targeted pop-up ads based on visited sites and search activity. The toolbar targets users of Internet Explorer and Firefox. Another adware program called DealPly displays offers related to the victim's browsing habits and is sometimes bundled with third-party software installation programs, Microsoft said.

2. Potentially Unwanted Software

Microsoft said the potentially unwanted software threat category was driven by increased reports of product key generators. The Keygen tool generates keys for software products and is used to run pirated software, but Microsoft said it is common to find other instances of additional malware on systems. Tools used to obfuscate malware through encryption and compression to avoid detection by antivirus were also commonly detected by Microsoft.

1. Trojans

The most commonly detected threat category in the last quarter of 2012 were Trojans, driven by Sirefef, a rogue security software family. Microsoft said that iFrameRef, a JavaScript Trojan that attempts to redirect the browser to another website, was also among the top malware families that it detected. The popular malware is used in Web application attacks. Microsoft said it detected iFrameRef redirections at least 3.3 million times in the fourth quarter of 2012.