Which is the most popular malware propagation tactic?
Summary: According to Microsoft's recently released Security Intelligence Report, that's socially engineered malware, malware requiring user interaction such as campaigns enticing users into downloading and executing a malicious file.
According to Microsoft's recently released Security Intelligence Report, that's socially engineered malware (scareware pop ups; blackhat search engine optimization attacks), or malware requiring user interaction such as campaigns enticing users into downloading and executing a malicious file.
More propagation tactics:
- User Interaction required - 44.8%
- AutoRun USB - 26%
- AutoRun: Network - 17.2%
- File Infector - 4.4%
- Exploit: Update Long Available - 3.2%
- Exploit: Update Available - 2.4%
- Password Brute Force - 1.4%
- Office Macros - 0.3%
- Exploit: Zero Day - 0%
Based on a sample of 600 million systems worldwide, the research further positions AutoRun USB infection as the second most popular malware propagation tactic, based on the data provided by the software giant. Microsoft disabled AutoRun by default on Windows XP/Vista in February in order to prevent malware infections. The results, at least according to Microsoft, have indicated a significant decline in malware using AutoRun as a spreading mechanism.
The report also points out that zero day flaws do not necessarily represent a driving force in the growth of malicious attacks or cybercrime in general. A point -- including several other -- which I already discussed in my article "Seven myths about zero day vulnerabilities debunked".
How well is Microsoft positioned to take advantage of the points presented in the study? For starters, for a second year in a row, Microsoft's Internet Explorer outperforms competing browsing in protecting against socially engineered malware, at least according to studies conducted by NSS Labs. Studies whose methodology I debunked in related posts - "IE8 outperforms competing browsers in malware protection -- again" ; "Study: IE8's SmartScreen leads in malware protection.
Now that socially engineered malware is supposedly taken care of, what else is Microsoft missing? It's malware that spreads without user interaction, namely through the exploitation of client-side vulnerabilities in third-party software and browser plugins. That's precisely what the studies from NSS Labs have omitted from their research, especially in times when web malware exploitation kits dominate the threatscape.
What are some of the most common client-side exploits that malicious attackers attempt to exploit through these kits? According to Microsoft:
The most commonly observed type of exploits in 1H11 were those targeting vulnerabilities in the Oracle (formerly Sun) Java Runtime Environment (JRE), Java Virtual Machine (JVM), and Java SE in the Java Development Kit (JDK). Java exploits were responsible for between one-third and one-half of all exploits observed in each of the four most recent quarters.
Consider going through the report here.
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
RE: Which is the most popular malware propagation tactic?
Drive-by downloads from compromised websites are the worst, because often there is no clue to the user what actually happened.
dsffds
Wholesale Socks China Wholesale http://www.chinawholesaletown.com/wholesale-Tag---lable/ Entertainment Supplies
Personal Safety Products Wholesale Playing Card http://www.chinawholesaletown.com/ Glove
Wholesale Compressed Products Crystal Gifts http://www.chinawholesaletown.com/wholesale-Playing-Card/ Racks
Medicine Instrument Wholesale Jewelry http://www.chinawholesaletown.com/wholesale-Eye-Masks/ Playing Card
Water Bottle Medicine Instrument http://www.chinawholesaletown.com/wholesale-Calendar/ Stapler
Coca Cola Gifts Wholesale Belt http://www.chinawholesaletown.com/wholesale-Coca-Cola-Gifts/ Mouse
Wholesale Memory Card Wholesale Knife http://www.chinawholesaletown.com/wholesale-Mouse/ Massager
China Wholesale Wholesale Clothing http://www.chinawholesaletown.com/wholesale-Electroluminescent/ Advertising Material
Home Appliances Wholesale Vase http://www.chinawholesaletown.com/wholesale-USB-Flash-Drive/ Glasses
Promotional Gifts Wholesale Waterproof Case http://www.chinawholesaletown.com/wholesale-Bottle-Opener/ Garden Decorations
Wholesale USB Flash Drive Wholesale Bookmark http://www.chinawholesaletown.com/wholesale-Banner---Flag/ Money Clip
Wholesale Mirror Bottle Opener http://www.chinawholesaletown.com/wholesale-Baby-Suppliers/ Promotional Items
Wholesale Bag Wholesale Scissors http://www.chinawholesaletown.com/wholesale-Wallet/ Vuvuzela
Name Card Holder Wholesale Scissors http://www.chinawholesaletown.com/wholesale-Knife/ Lanyard
Wholesale Carabiner Wholesale Pedometer http://www.chinawholesaletown.com/wholesale-T-Shirts/ Coca Cola Gifts
Wholesale Golf Products Flash Gift http://www.chinawholesaletown.com/wholesale-Writing-Instrument/ Arts Crafts
Patient Care Products Hair Products http://www.chinawholesaletown.com/wholesale-Stationery/ Keychain
Wholesale Tellurion Mouse Pad http://www.chinawholesaletown.com/wholesale-Scissors/ Thermometer
World Cup Products Water Bottle http://www.chinawholesaletown.com/wholesale-Beauty-Equipment/ Voice Recorder
Wholesale Radio Giveaway Material http://www.chinawholesaletown.com/wholesale-Sticker/ Money Bank
Wholesale Jewelry Wholesale Tableware http://www.chinawholesaletown.com/wholesale-Pom-Poms/ Knife
Wholesale Waterproof Case Wholesale Cup http://www.chinawholesaletown.com/wholesale-Electrical-Gifts/ Bracelet
CD Holde Wholesale USB Flash Drive http://www.chinawholesaletown.com/wholesale-Cap/ Writing Instrument
Wholesale Shoe Wholesale lable http://www.chinawholesaletown.com/wholesale-Computer-Keyboard/ China Wholesale
Wholesale Swimming Products Wholesale TelePhone http://www.chinawholesaletown.com/wholesale-USB-Products/ Sticker
Wholesale Stationery Inflatable Products http://www.chinawholesaletown.com/wholesale-Name-Card-Holder/ Raincoat
Wholesale T-Shirts Name Card Holder http://www.chinawholesaletown.com/wholesale-Money-Clip/ Electrical Gifts
Wholesale Pedometer Wholesale Bangle http://www.chinawholesaletown.com/wholesale-Gift-Box---Display/ Consumer Electronics
Cleaner Products Wedding Favors http://www.chinawholesaletown.com/wholesale-Wedding-Favors/ Bedding
Lighting Products Wholesale Tellurion http://www.chinawholesaletown.com/wholesale-Socks/ Giveaway Material
Wholesale Earphone Wholesale Flashlight http://www.chinawholesaletown.com/wholesale-Computer-Accessories/ Hair Products
Entertainment Supplies Wholesale Compass http://www.chinawholesaletown.com/wholesale-Consumer-Electronics/ Scissors
Wholesale Scarf Wholesale Raincoat http://www.chinawholesaletown.com/wholesale-Watch/ Computer Accessories
Hair Products Automotive Products http://www.chinawholesaletown.com/wholesale-Glove/ Wallet
Wholesale Raincoat Wholesale Glass http://www.chinawholesaletown.com/wholesale-Mobile-Phone/ Waterproof Case
Wholesale Pen Money Bank http://www.chinawholesaletown.com/wholesale-Album/ Christmas Gifts
RE: Which is the most popular malware propagation tactic?
RE: Which is the most popular malware propagation tactic?
RE: Which is the most popular malware propagation tactic?
RE: Which is the most popular malware propagation tactic?
I would say, it's bloggers
True
Bloggers and websites with unchecked ad providers seem to be a huge part of this problem. Along with linkbait search result sites. Pirate software sites are also a major source - not always from the downloads, but often with Javascript exploits right on the page. The unfiltered web is becoming a cesspool of infected links. It's no wonder that users are preferring the safety of "the managed web" through mobile apps.
RE: websites with unchecked ad providers
Which is why Firefox with 'No Script' and 'Ad Block Plus' are a better way to go.
RE: Which is the most popular malware propagation tactic?
RE: Which is the most popular malware propagation tactic?