Microsoft has just released volume 11 of its Security Intelligence Report (SIR), covering the first and second quarters of 2011, and it contains some alarming findings for India. While malware infections have generally been declining globally, India appears to show the opposite trend.
Newer versions of the Windows operating system were found to be the least affected, possibly because several vulnerabilities have been patched in the newer releases. Similarly, 64-bit versions were consistently less affected than 32-bit versions, possibly because the latter are more popular and are therefore targeted more by cybercriminals.
Of the various threat types, adware has been dominating, thanks to a new pair of families, Win32/OpenCandy and Win32/ShopperReports. Other potentially unwanted software families, such as Win32/Keygen, which propagates through key generators, have also seen an increase in detections.
Worms and Trojan Downloaders & Droppers showed a downward trend, while viruses have steadily accounted for just under 5 percent of the total infections. The report notes that a change in the behaviour of the AutoRun feature in older versions of Windows could have contributed to the decline in the number of worm families as a whole. Spyware infections have been the least troublesome of all.
In India, the picture is completely different. Worm (38.3 percent) and Trojan (33.6 percent) infections are the most common, while adware is somewhere in the middle. Viruses also amount to around 25 percent of all infections, although spyware infection levels are as low as they are worldwide. The report also stated that India hosted 11.003 percent of all spambot IP addresses in the second quarter of 2011, up from 10.895 in the previous quarter.
How does malware spread?
Malware threats propagate in several different ways.
* User Interaction Required: In this method, the user is prompted to perform an action that compromises the computer. Users may be lured into performing these actions unknowingly, for example by being made to believe that their system is infected and then redirected to a website where they are asked to download malware masquerading as anti-virus software to "cure" their "infected" system.
* AutoRun USB: With USB storage devices fast replacing optical media, the malware spreads through the AutoRun feature of Windows for such drives.
* AutoRun Network: In this case, the AutoRun feature is abused on infected mapped network volumes.
* File Infector: The threat spreads by modifying files, usually application or executable files with EXE, SCR, or DLL extensions. Code in these files is overwritten by the infectious code to help propagate the malware.
* Exploit: Zero-day: The vendor has not released a security update to address the vulnerability at the time of the attack.
* Password Brute Force: Threats of this type spread by attempting brute-force password attacks on available volumes, such as by using the "net use" command.
* Office Macros: Threats also spread by infecting Microsoft Office documents with malicious VBA macros.
* Emails: Spam accounts for most of the worldwide email traffic and, naturally, malware proliferates through it.
* Malicious websites: Attackers are known to conduct phishing attacks and distribute malware using malicious websites that appear completely legitimate, fooling the user into disclosing confidential information or even downloading a malware-infected application, which then hijacks the system. Although these attacks mostly affect financial websites, a sizeable phishing interest has recently been seen in social networking and gaming websites.
The report states that more than a third of the malware detections were attributed to malicious software that misused the AutoRun feature. 6 percent were found to be exploits or malicious code attempting to exploit vulnerabilities in the application or operating system. Adobe Reader documents have also been consistently found to be more likely to be vehicles of exploits, while the RTF or Rich Text Format was also found to be a likely candidate.
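As an added illustration of the AutoRun USB and AutoRun Network vectors listed above (not code from Microsoft's report or from this article), the following Python example parses an autorun.inf file and reports the entries that would launch a program from the volume, which is what a defender would check on a removable or mapped drive. The sample file contents and the function names are constructed for this example.

```python
import re

# autorun.inf keys that make Windows launch a program from the volume.
LAUNCH_KEYS = ("open", "shellexecute")
SHELL_COMMAND = re.compile(r"^shell\\[^\\]+\\command$")
EXECUTABLE = re.compile(r"\.(exe|scr|dll|bat|cmd|com|pif|vbs|js)\b", re.I)


def parse_autorun(text):
    """Return {key: value} for the [autorun] section, keys lower-cased."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:  # lines without '=' are junk, skipped
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def launch_findings(text):
    """Return (key, command, targets_executable) for each launching entry."""
    findings = []
    for key, value in parse_autorun(text).items():
        if value and (key in LAUNCH_KEYS or SHELL_COMMAND.match(key)):
            findings.append((key, value, bool(EXECUTABLE.search(value))))
    return findings


# Constructed sample: an autorun.inf as it might sit at the root of a USB drive.
SAMPLE = """\
; junk comment
[AutoRun]
Icon=folder.ico
OPEN = data\\setup.exe /q
qwertyuiop
shell\\Explore\\Command=data\\setup.exe
action=Open folder to view files
"""

if __name__ == "__main__":
    for key, cmd, is_exe in launch_findings(SAMPLE):
        print(f"{key} -> {cmd} (executable target: {is_exe})")
```

A file that only sets an icon or label produces no findings; any `open`, `shellexecute` or `shell\...\command` entry is worth a closer look before the drive is used.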
How to combat these security threats?
* Keep all software on your systems updated. This includes both the OS and third-party software.
* It is better to use Microsoft Update instead of Windows Update, because the former updates all Microsoft software installed on the system, including the MS Office suite, while the latter updates only the Windows operating system.
* Install anti-virus software from a trusted vendor and keep it updated. Run periodic scans to ascertain the integrity of your system. A complete internet security suite is preferable because it takes care of almost all threats and is likely to include a competent firewall.
* Be cautious when you click on links in web pages, unless you know for sure that they are safe.
* Never download and open attachments before scanning them with the installed anti-virus.
* Avoid downloading pirated software because it has usually been found to be a vehicle of choice for cybercriminals.