It was initially classified as harmless by security firms, but a Web browser add-on drove a three-fold increase in infections on Windows computers at the end of 2013. That's the report from Microsoft's Trustworthy Computing Security Science team. And that's not the only malware that has flown under the radar screen.
But there is also good news. Microsoft reported a 70 percent decline in the number of severe vulnerabilities -- classified as those that can enable remote code execution -- that were exploited in Microsoft products from 2010 to 2013. That proves new security tools are helping PC users win the fight.
"While this trend is promising, cybercriminals aren't giving up. Our data shows that in the second half of 2013 there was a noticeable increase in cybercriminal activity where attackers used deceptive practices," said Tim Rains, a director in Trustworthy Computing at Microsoft. "The continued increase in deceptive tactics is striking; in the last quarter of 2013, the number of computers impacted as a result of deceptive tactics more than tripled."
Avoiding Deceptive Tactics
The number of infected Windows computers jumped from 5.8 per 1,000 in the third quarter to about 17 per 1,000 in the last quarter of the year, largely due to malware called Rotbrow, which masquerades as a security add-on called Browser Protector, Rains said. Rotbrow is a "dropper," meaning it has the ability to download other malware onto a computer. But because it didn't initially download any malware, security firms labeled it benign. Later on it began to do just that and Microsoft spotted it.
It's these so-called "deceptive tactics" that often go undetected by many security firms, Microsoft said. And deceptive downloads -- which are often bundled with legit content like games, music and software -- are the top threat in 95 percent of the 110 regions in the study.
"In addition to what the person thought they were getting, the download also installs malware. The malware may be installed immediately or at a later date as it assesses the victim's computer's profile," Rains said. "It could be months or even years before the victim notices the infection, as often these malicious items operate behind the scenes with the only visible effect being slower performance on the system that was infected."
In the last half of 2013, Microsoft reports, deceptive downloads were definitely in vogue with cybercriminals. Ransomware -- where a cybercriminal hijacks a PC and holds it for ransom until the owner pays a fee -- are also on the rise with a 45 percent year-over-year increase.
"It is important to note that while deceptive tactics have increased in prevalence, there are actions people can take to help protect themselves and their organizations," Rains said. "Using newer software whenever possible and keeping it up to date, only downloading software from trusted sources, avoid opening e-mail and instant messages from untrusted or unknown senders, running antivirus software and keeping it up to date, and backing up valuable data and files, make it much harder for attackers who use deceptive practices to be successful."
'Click Happy' Users
We turned to Dwayne Melancon, chief technology officer for security firm Tripwire, to find out what he had to say about Microsoft's report. He told us we tend to focus on technology when we talk about cyberattacks, but most successful attacks rely on deceiving people into thinking they are doing something they want to do.
"It's encouraging to see that there were fewer exploits that relied on security holes in Windows, Adobe Reader, and Adobe Flash in 2013, but the number of compromised computers skyrocketed anyway," Melancon said.
That, he said, is because there is a huge population of "click happy" users who download infected files and click on links that to malicious sites.
"We are making good progress plugging the technology holes, but social and psychological vulnerabilities are the ones most commonly exploited by cyberattackers," he said. "Unfortunately, there's no patch for user naivete."