TechTree Blog: Malware Infection Rates Rise In India

An analysis of the Microsoft Security Intelligence Report Q2 2011.

Microsoft has just released volume 11 of its Security Intelligence Report (SIR), covering the first and second quarters of 2011, and it contains some alarming findings for India. While malware infections have been decreasing globally, the trend in India runs the other way. Newer versions of the Windows operating system were found to be the least affected, possibly because many vulnerabilities have been patched in newer releases. Similarly, 64-bit versions were consistently less affected than 32-bit versions, possibly because the latter are far more widely deployed.

Of the various threat types, adware has been dominating, thanks to a new pair of families, Win32/OpenCandy and Win32/ShopperReports. Other potentially unwanted software families, such as Win32/Keygen, which propagates through key generators, have also seen an increase in detections. Worms and Trojan downloaders/droppers showed a downward trend, while viruses steadily accounted for just under 5% of total infections. The report notes that the change in behaviour of the Autorun feature in older Windows versions could have contributed to the decline in the number of active families as a whole. Spyware infections have been the least bothersome of all.

Unfortunately, the picture is completely different in India. Worms (38.3%) and trojans (33.6%) are found to be the most common, while adware is somewhere in the middle. Viruses also amount to around 25% of all infections, although spyware infection levels are as low as elsewhere. The report also states that India hosted 11% of all spambot IP addresses in the second quarter of 2011, up from 10.9% for the previous quarter.

How does malware spread? The report groups malware propagation into the following methods.

  • User Interaction Required - In this method, the user is prompted to perform an action for the computer to be compromised. Users may be unknowingly lured into performing these actions, for example by being made to believe that their system is infected and redirected to a website from which they are asked to download malware masquerading as anti-virus software to "cure" their "infected" system.
  • Autorun USB - With USB storage devices fast replacing optical media, the malware spreads through the Autorun feature of Windows.
  • Autorun Network - In this case, the Autorun feature is applied to mapped infected network volumes.
  • File Infector - The threat spreads by modifying files, usually application or executable files such as those with EXE, SCR, or DLL extensions. Code in these files is overwritten by the malware to help it propagate.
  • Zero-day Exploit - The vendor has not released a security update to address the vulnerability at the time of the attack.
  • Password Brute Force - Threats of this type are spread by attempting brute force password attacks on available volumes, such as by using the net use command.
  • Office Macros - Threats also spread by infecting Microsoft Office documents with malicious VBA macros.
  • E-Mails - Spam accounts for most worldwide email traffic and, naturally, malware proliferates through this method.
  • Malicious Websites - Attackers are known to conduct phishing attacks and distribute malware using websites that appear completely legitimate, fooling the user into disclosing confidential information or even downloading a malware-infected application, which then hijacks the system. Although financial websites are the most common targets, sizeable phishing interest has recently been seen in social networking and gaming websites.

The report states that more than a third of malware detections were attributed to malicious software that misused the Autorun feature. 6% were exploits, i.e. malicious code attempting to exploit vulnerabilities in an application or the operating system. Adobe Reader documents (PDF) have consistently been found to be the most likely vehicles for exploits, with the RTF (Rich Text Format) also a likely candidate.

How does one combat these security threats?

  • Keep all software on your systems updated. This includes those related to the OS, as well as third-party apps.
  • It is better to use Microsoft Update instead of Windows Update, because the former updates all Microsoft software installed on the system, including the MS Office suite, while the latter updates only the operating system.
  • Install an anti-virus software from a trusted vendor and keep it updated. Run periodic scans to ascertain the integrity of your system. A complete internet security suite is preferable because it takes care of almost all threats and is likely to include a competent firewall.
  • Be cautious when you click on links in a webpage, unless you know for sure that they are safe.
  • Never download and open attachments without scanning them with the installed anti-virus.
  • Avoid downloading pirated software, since it is usually the weapon of choice for cybercriminals.
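Since Autorun misuse accounts for more than a third of the detections the report describes, the one setting worth auditing on any Windows machine is the Autorun policy. The script below is an added example, not code from the TechTree post or from the Microsoft report: it reads the documented Explorer policy values (NoDriveTypeAutoRun, a bitmask where 0xFF disables Autorun for every drive type, and NoAutorun, which when set to 1 stops autorun.inf from being processed) from both the machine and user hives, reports whether each matches the hardened value, and applies the hardened values when run with -Harden. The -Harden switch and the function names are this example's own.

```powershell
# Added example: audit (and optionally enforce) the Windows Autorun policy.
# Registry paths and value names are the documented Explorer policy entries;
# everything else here (the -Harden switch, function names) is illustrative.
[CmdletBinding()]
param(
    # Apply the hardened values instead of only reporting them (needs an elevated session for HKLM).
    [switch]$Harden
)

# Machine-wide policy (HKLM) takes precedence over the per-user policy (HKCU)
# when both define NoDriveTypeAutoRun, so both hives are checked.
$policyKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)

# Hardened values: 0xFF = Autorun off for all drive types; NoAutorun = 1 ignores autorun.inf.
$desired = @{
    NoDriveTypeAutoRun = 0xFF
    NoAutorun          = 1
}

function Get-AutorunPolicy {
    param([string]$Key)
    $result = [ordered]@{ Key = $Key }
    foreach ($name in $desired.Keys) {
        $current = $null
        if (Test-Path $Key) {
            # A missing value comes back as $null, which is reported as not hardened.
            $current = (Get-ItemProperty -Path $Key -Name $name -ErrorAction SilentlyContinue).$name
        }
        $result[$name]         = $current
        $result["${name}_OK"]  = ($current -eq $desired[$name])
    }
    [pscustomobject]$result
}

function Set-AutorunPolicy {
    param([string]$Key)
    if (-not (Test-Path $Key)) { New-Item -Path $Key -Force | Out-Null }
    foreach ($name in $desired.Keys) {
        New-ItemProperty -Path $Key -Name $name -PropertyType DWord -Value $desired[$name] -Force | Out-Null
    }
}

foreach ($key in $policyKeys) {
    if ($Harden) { Set-AutorunPolicy -Key $key }
    Get-AutorunPolicy -Key $key
}
```

Run it without arguments to get one row per hive showing the current values and an _OK flag for each; a $null or non-0xFF NoDriveTypeAutoRun is the weak state the report's Autorun figures are about. Setting the values through Group Policy is equivalent and survives re-imaging better than a one-off script; on a domain-joined machine the policy refresh will overwrite anything this script writes, so treat the script as an audit tool there.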

Tags : TechTree Blog, Security, Windows, Microsoft, Jayesh