Risk

10/9/2012
12:39 PM
50%
50%

Windows 7 Malware Infection Rates Soar

Microsoft reports malware infections grow more prevalent on Windows 7 SP1 and Windows XP SP3 machines, while plummeting on Windows Vista SP2.

8 Key Differences Between Windows 8 And Windows RT
8 Key Differences Between Windows 8 And Windows RT
(click image for larger view and for slideshow)
The number of Windows 7 SP1 and Windows XP machines infected by malware is on the increase, while the number of infected Windows Vista SP2 machines has declined sharply.

Those findings come from the latest Microsoft Security Intelligence Report (volume 13), released Tuesday, which reviews threat prevalence and infection rates seen in the first half of 2012.

According to the report, the average number of infected Windows 7 SP1 machines increased by 23% on 32-bit systems and 7% on 64-bit systems, comparing the last quarter of 2011 to the first half of 2012. In the same time period, the average number of malware-infected Windows XP SP3 PCs increased by about 10%, while the number of malware-infected Windows Vista SP2 PCs plummeted by 33% for 32-bit systems, and 43% for 64-bit systems.

Despite the changing infection profiles, 32-bit Windows XP SP3 machines are now two to three times more likely to be infected by malware than 32-bit Windows Vista SP2 machines, which have the lowest infection rate of any Microsoft operating system, followed closely by Windows 7 SP1 and Windows 7 RTM.

Meanwhile, the report found that "the infection rate for Windows XP SP3 increased" in the first half of 2012 "after declining for several quarters," largely thanks to Dorkbot worm infections, as well as a Trojan downloader called Pluzoks, which is prevalent in South Korea, where Windows XP remains the most-used operating system.

[ See 8 Security Tips For Windows 8. ]

What accounts for the sudden increase in Windows 7 SP1 infections? "A similar trend of slowly increasing infection rates was observed for Windows Vista between 2007 and 2009, prior to the release of Windows 7," according to the report, which suggested that as more people adopt the software, security suffers. "Early adopters are often technology enthusiasts who have a higher level of technical expertise than the mainstream computing population," it said. "As the Windows 7 install base has grown, new users are likely to possess a lower degree of security awareness than the early adopters and be less aware of safe online practices."

In terms of threats, Microsoft's report also charts a rise in social engineering attacks involving supposed license key generator--a.k.a. "keygen"--software that can be used to provide on-demand serial numbers, so people can pirate commercial software without buying a license.

Obviously, a large software manufacturer such as Microsoft has a vested interest in keeping people away from keygen software. Also, according to Microsoft's new security report, 76% of PCs that downloaded keygen software in the first half of 2012 had a 10% higher than average rate of malware infection.

Another new threat-related finding from Microsoft's report is that the exploit kit known as Blacole has recently grown in popularity to become the most common toolkit seen on PCs infected with such software.

"Prospective attackers buy or rent the Blacole kit on hacker forums and through other illegitimate outlets. It consists of a collection of malicious Web pages that contain exploits for vulnerabilities in versions of Adobe Flash Player, Adobe Reader, Microsoft Data Access Components (MDAC), the Oracle Java Runtime Environment (JRE), and other popular products and components," according to the report. "When the attacker installs the Blacole kit on a malicious or compromised Web server, visitors who don't have the appropriate security updates installed are at risk of infection through a drive-by download attack."

Interestingly, "Blacole is more than twice as likely to be seen by users who also report keygen detections, as compared to the total number of users," said Joe Blackbird, a program manager for the Microsoft Malware Protection Center, in a blog post. In other words, beyond trying to watch out for malicious websites that seek to exploit known vulnerabilities on unpatched PCs via drive-by attacks, also beware malware attacks hidden with pirated software.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
JimC
50%
50%
JimC,
User Rank: Apprentice
10/12/2012 | 1:30:01 PM
re: Windows 7 Malware Infection Rates Soar
The "FBI virus" has been infecting lots of computers in the past few weeks.
s404n1tn0cc
50%
50%
s404n1tn0cc,
User Rank: Apprentice
10/9/2012 | 8:06:43 PM
re: Windows 7 Malware Infection Rates Soar
Not an accurate paper. It depends on how frequently you update the definition file in security essentials- a free anti-malware and anit- virus app.
Best recommendation- update it Daily. If you note that by the end of the 3rd day of your last update you machine is sluggish-- you may need to install it again.
3 Ways to Retain Security Operations Staff
Oliver Rochford, Vice President of Security Evangelism at DFLabs,  11/20/2017
A Call for Greater Regulation of Digital Currencies
Kelly Sheridan, Associate Editor, Dark Reading,  11/21/2017
New OWASP Top 10 List Includes Three New Web Vulns
Jai Vijayan, Freelance writer,  11/21/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Managing Cyber-Risk
An online breach could have a huge impact on your organization. Here are some strategies for measuring and managing that risk.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.