It was initially classified as harmless by security firms, but a Web browser add-on drove a three-fold increase in infections on Windows computers at the end of 2013. That's the report from Microsoft's Trustworthy Computing Security Science team. And that's not the only malware that has flown under the radar screen.
But there is also good news. Microsoft reported a 70 percent decline in the number of severe vulnerabilities -- classified as those that can enable remote code execution -- that were exploited in Microsoft products from 2010 to 2013. That proves new security tools are helping PC users win the fight.
"While this trend is promising, cybercriminals aren't giving up. Our data shows that in the second half of 2013 there was a noticeable increase in cybercriminal activity where attackers used deceptive practices," said Tim Rains, a director in Trustworthy Computing at Microsoft. "The continued increase in deceptive tactics is striking; in the last quarter of 2013, the number of computers impacted as a result of deceptive tactics more than tripled."
Avoiding Deceptive Tactics
The number of infected Windows computers jumped from 5.8 per 1,000 in the third quarter to about 17 per 1,000 in the last quarter of the year, largely due to malware called Rotbrow, which masquerades as a security add-on called Browser Protector, Rains said. Rotbrow is a "dropper," meaning it has the ability to download other malware onto a computer. But because it didn't initially download any malware, security firms labeled it benign. Later on it began to do just that and Microsoft spotted it.
It's these so-called "deceptive tactics" that often go undetected by many security firms, Microsoft said. And deceptive downloads -- which are often bundled with legit content like games, music and software -- are the top threat in 95 percent of the 110 regions in the study.
"In addition to what the person thought they were getting, the download also installs malware. The malware may be installed immediately or at a later date as it assesses the victim's computer's profile," Rains said. "It could be months or even years before the victim notices the infection, as often these malicious items operate behind the scenes with the only visible effect being slower performance on the system that was infected."
In the last half of 2013, Microsoft reports, deceptive downloads were definitely in vogue with cybercriminals. Ransomware -- where a cybercriminal hijacks a PC and holds it for ransom until the owner pays a fee -- are also on the rise with a 45 percent year-over-year increase. (continued...)