Malware Infects About 13 Percent of Home Networks: Kindsight Report

A network security provider finds that 13 percent of home networks in North America are infected with malware, including 2.2 million systems infected with the botnet using compromised systems for click fraud.

Malware continues to plague home users, with about 13 percent, or nearly one-in-seven home networks showing signs of at least one compromised system, network security firm Kindsight stated in a report published Oct. 30.

The firm, which provides security services to major Internet service providers, can detect when computers are trying to communicate with a malicious domain or server. In the third quarter of 2012, some 6.5 percent of home networks showed signs of hosting highly dangerous malware, such as a banking Trojan or bot software, while 8.1 percent showed signs of more moderate infections, such as adware or spyware. Some networks had both types of infections.

"Ofttimes, with an infected user, their system is infected with three or four different kinds of malware at the same time," said Kevin McNamee, security architect and director with Kindsight. "The guy that originally infected them is renting them out to other people for other purposes."

The top threat affecting users' systems is the ZeroAccess botnet, which accounted for almost 29 percent of all home-network infections. Another 8 percent of home users have systems compromised by two other serious botnets: TDSS and Alureon. The top two adware and spyware packages, considered less serious by Kindsight, accounted for another 20 percent of compromised networks.

Using the total number of Internet-connected PCs and the rate of infections, Kindsight researchers estimated that some 2.2 million PCs are infected with ZeroAccess. The botnet is primarily being used for two criminal schemes: Click fraud, which uses an infected PC to click on online which allows them to earn an affiliate fee or lets them steal Bitcoins, a digital currency.

The criminal operators controlling the ZeroAccess botnet have made several enhancements to the program to make the clicks appear to be from a real person using a real browser.

"The bots are programmed to follow the ad-click through to the advertiser’s landing page through several layers of redirection, loading all the html, JavaScript and graphics components as would a regular browser," Kindsight's report stated. "This also consumes significant bandwidth."

The company tests have shown that a typical ZeroAccess-infected PC will click on 140 ads every day, consuming more than 240MB of bandwidth. Other research has estimated that the criminals are paid about 5 cents per click for approximately 18 of the 140 clicks, suggesting that the criminals are costing advertisers $900,000, if half the botnet is being used for click fraud.

Mobile devices are much less of a target, according to Kindsight's data. Only 0.3 percent of mobile phones—or laptops connected through a tethered mobile device—show signs of infection. When bad applications, such as those with aggressive advertising tactics, are included, then 3 percent of devices show signs of infection.

"Previously ad-funded applications restricted their advertising to when the user was actually using the application; with (apps using) push notification and home screen icons, the advertising shows up even when the app is not being used," the report stated. "Users are often unaware of the source of these messages and find it very difficult to get rid of them."

In some cases, Internet service providers will notify customers who show signs of infection, but the policy is not widely adopted yet.

Robert Lemos

Robert Lemos

Robert Lemos is an award-winning freelance journalist who has covered information security, cybercrime and technology's impact on society for almost two decades. A former research engineer, he's...