Risk
10/9/2012
12:39 PM
Windows 7 Malware Infection Rates Soar

Microsoft reports malware infections grow more prevalent on Windows 7 SP1 and Windows XP SP3 machines, while plummeting on Windows Vista SP2.

The number of Windows 7 SP1 and Windows XP machines infected by malware is on the increase, while the number of infected Windows Vista SP2 machines has declined sharply.

Those findings come from the latest Microsoft Security Intelligence Report (volume 13), released Tuesday, which reviews threat prevalence and infection rates seen in the first half of 2012.

According to the report, the average number of infected Windows 7 SP1 machines increased by 23% on 32-bit systems and 7% on 64-bit systems, comparing the last quarter of 2011 to the first half of 2012. In the same time period, the average number of malware-infected Windows XP SP3 PCs increased by about 10%, while the number of malware-infected Windows Vista SP2 PCs plummeted by 33% for 32-bit systems, and 43% for 64-bit systems.

Despite the changing infection profiles, 32-bit Windows XP SP3 machines are now two to three times more likely to be infected by malware than 32-bit Windows Vista SP2 machines, which have the lowest infection rate of any Microsoft operating system, followed closely by Windows 7 SP1 and Windows 7 RTM.

Meanwhile, the report found that "the infection rate for Windows XP SP3 increased" in the first half of 2012 "after declining for several quarters," largely thanks to Dorkbot worm infections, as well as a Trojan downloader called Pluzoks, which is prevalent in South Korea, where Windows XP remains the most-used operating system.

What accounts for the sudden increase in Windows 7 SP1 infections? "A similar trend of slowly increasing infection rates was observed for Windows Vista between 2007 and 2009, prior to the release of Windows 7," according to the report, which suggested that as more people adopt the software, security suffers. "Early adopters are often technology enthusiasts who have a higher level of technical expertise than the mainstream computing population," it said. "As the Windows 7 install base has grown, new users are likely to possess a lower degree of security awareness than the early adopters and be less aware of safe online practices."

In terms of threats, Microsoft's report also charts a rise in social engineering attacks involving supposed license key generator (a.k.a. "keygen") software, which purports to produce on-demand serial numbers so that people can pirate commercial software without buying a license.

Obviously, a large software manufacturer such as Microsoft has a vested interest in keeping people away from keygen software. Also, according to Microsoft's new security report, 76% of PCs that downloaded keygen software in the first half of 2012 had a 10% higher than average rate of malware infection.

Another new threat-related finding from Microsoft's report is that the exploit kit known as Blacole has recently grown in popularity to become the most common toolkit seen on PCs infected with such software.

"Prospective attackers buy or rent the Blacole kit on hacker forums and through other illegitimate outlets. It consists of a collection of malicious Web pages that contain exploits for vulnerabilities in versions of Adobe Flash Player, Adobe Reader, Microsoft Data Access Components (MDAC), the Oracle Java Runtime Environment (JRE), and other popular products and components," according to the report. "When the attacker installs the Blacole kit on a malicious or compromised Web server, visitors who don't have the appropriate security updates installed are at risk of infection through a drive-by download attack."

Interestingly, "Blacole is more than twice as likely to be seen by users who also report keygen detections, as compared to the total number of users," said Joe Blackbird, a program manager for the Microsoft Malware Protection Center, in a blog post. In other words, beyond watching out for malicious websites that seek to exploit known vulnerabilities on unpatched PCs via drive-by attacks, also beware of malware hidden in pirated software.

Comments
JimC, User Rank: Apprentice
10/12/2012 | 1:30:01 PM
re: Windows 7 Malware Infection Rates Soar
The "FBI virus" has been infecting lots of computers in the past few weeks.
s404n1tn0cc, User Rank: Apprentice
10/9/2012 | 8:06:43 PM
re: Windows 7 Malware Infection Rates Soar
Not an accurate paper. It depends on how frequently you update the definition file in Security Essentials, a free anti-malware and anti-virus app.
Best recommendation: update it daily. If you note that by the end of the 3rd day after your last update your machine is sluggish, you may need to install it again.