Deceptive Downloads Often Bundle Malware, Ransomware

While criminals increasingly used deceptive downloads bundled with malware and ransomware, Microsoft says it has put up a tougher fight against cyber-crime.

Download the authoritative guide: The Ultimate Guide to IT Security Vendors

Cyber-criminals are increasingly using "deceptive tactics" to circumvent the protections that Microsoft has built into its software over the past couple of years, according to the latest Security Intelligence Report (volume 16) from the company's Trustworthy Computing division.

Microsoft's products have grown more resistant to bugs that can grant remote hackers access to Windows systems and the data held therein, according to Tim Rains, a Trustworthy Computing director. His group's latest data "shows a 70 percent decline in the number of severe vulnerabilities (those that can enable remote code execution) that were exploited in Microsoft products between 2010 and 2013," he said in a statement.

It's encouraging news for Microsoft, but this silver lining harbors a darker and potentially more dangerous cloud.

"Our data shows that in the second half of 2013 (2H13) there was a noticeable increase in cybercriminal activity where attackers used deceptive practices," stated Rains. Deceptive tactics include deceptive downloads that are bundled with malware and ransomware, which as the term suggests, locks users out of their systems until they pay up.

According to the study, Reveton, the top ransomware threat, was encountered 45 percent more times during the last half of 2013 than the previous six months. "The continued increase in deceptive tactics is striking; in the last quarter of 2013, the number of computers impacted as a result of deceptive tactics more than tripled," added Rains.

Businesses and consumers also have to worry about malware that coordinate their activities. "Out of the top 10 threat families worldwide, a trio of threats known as Rotbrow, Brantall and Sefnit [has] been known to work together," a Microsoft spokesperson told eWEEK.

Rotbrow, a Trojan downloader, ranked as the "top threat family facing both enterprises and consumers in 4Q13," stated the spokesperson. A similar threat called Brantall takes second place with an encounter rate of 36 out of every 1,000 systems running the company's anti-malware software during 2H13. Sefnit, a Trojan, is No. 7 among the risks to Windows systems.

Cyber-criminals are also exhibiting unusual cunning in terms of delivering a deceptive download's payload. Rains' analysis indicates that some malware coders don't mind a little delayed gratification.

"The malware may be installed immediately or at a later date as it assesses the victim's computer's profile," stated Rains. Pokey PC performance may be the only hint that nefarious software is operating in the background.

"It could be months, or even years, before the victim notices the infection, as often these malicious items operate behind the scenes with the only visible effect being slower performance on the system that was infected," said Rains.

To combat these threats, Microsoft suggests upgrading to the latest, presumably more secure versions of a given software product whenever possible and implementing an antivirus solution. Other recommendations include downloading software exclusively from trusted sources, avoiding links from unknown or unsolicited sources and keeping backups of valuable data and files.

Pedro Hernandez

Pedro Hernandez

Pedro Hernandez is a contributor to eWEEK and the IT Business Edge Network, the network for technology professionals. Previously, he served as a managing editor for the network of...