Which is the most popular malware propagation tactic?

Summary: According to Microsoft's recently released Security Intelligence Report, that's socially engineered malware, malware requiring user interaction such as campaigns enticing users into downloading and executing a malicious file.

TOPICS: Security, Malware

According to Microsoft's recently released Security Intelligence Report, that's socially engineered malware (scareware pop-ups, blackhat search engine optimization attacks), or malware requiring user interaction, such as campaigns enticing users into downloading and executing a malicious file.

More propagation tactics:

  • User Interaction required - 44.8%
  • AutoRun USB - 26%
  • AutoRun: Network - 17.2%
  • File Infector - 4.4%
  • Exploit: Update Long Available - 3.2%
  • Exploit: Update Available - 2.4%
  • Password Brute Force - 1.4%
  • Office Macros - 0.3%
  • Exploit: Zero Day - 0%

Based on data provided by the software giant from a sample of 600 million systems worldwide, the research further positions AutoRun USB infection as the second most popular malware propagation tactic. Microsoft disabled AutoRun by default on Windows XP/Vista in February in order to prevent malware infections. The results, at least according to Microsoft, have indicated a significant decline in malware using AutoRun as a spreading mechanism.

The report also points out that zero day flaws do not necessarily represent a driving force in the growth of malicious attacks or cybercrime in general. It is a point, along with several others, which I already discussed in my article "Seven myths about zero day vulnerabilities debunked".

How well is Microsoft positioned to take advantage of the points presented in the study? For starters, for a second year in a row, Microsoft's Internet Explorer outperforms competing browsers in protecting against socially engineered malware, at least according to studies conducted by NSS Labs. Studies whose methodology I debunked in related posts: "IE8 outperforms competing browsers in malware protection -- again"; "Study: IE8's SmartScreen leads in malware protection".

Now that socially engineered malware is supposedly taken care of, what else is Microsoft missing? It's malware that spreads without user interaction, namely through the exploitation of client-side vulnerabilities in third-party software and browser plugins. That's precisely what the studies from NSS Labs have omitted from their research, especially in times when web malware exploitation kits dominate the threatscape.

What are some of the most common client-side exploits that malicious attackers attempt to exploit through these kits? According to Microsoft:

The most commonly observed type of exploits in 1H11 were those targeting vulnerabilities in the Oracle (formerly Sun) Java Runtime Environment (JRE), Java Virtual Machine (JVM), and Java SE in the Java Development Kit (JDK). Java exploits were responsible for between one-third and one-half of all exploits observed in each of the four most recent quarters.

Consider going through the report here.

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Talkback

10 comments
  • RE: Which is the most popular malware propagation tactic?

    There is almost no protection that is foolproof against a fool who downloads a file then executes it on his computer. But we have several incidents EVERY DAY of somebody who does just that.

    Drive-by downloads from compromised websites are the worst, because often there is no clue to the user what actually happened.
    terry flores
  • RE: Which is the most popular malware propagation tactic?

    http://itshrunk.com/7e7cac ......... thanks
    sdghkiehj
  • RE: Which is the most popular malware propagation tactic?

    Probably very similar to automobile crashes ...... The weakest link......The nut behind the steering wheel.
    BananaBoatWireless
  • RE: Which is the most popular malware propagation tactic?

    Well now I know why Java seems to update every week - bug fixes. In the end I just took it off. Only thing I used it for was Minecraft and even that was too slow.
    tonymcs@...
  • RE: Which is the most popular malware propagation tactic?

    LOL, still falls back to the threat between the chair and the keyboard :p
    MrElectrifyer
  • I would say, it's bloggers

    Because they want page hits above all.
    ego.sum.stig
    • True

      @ego.sum.stig@...

      Bloggers and websites with unchecked ad providers seem to be a huge part of this problem. Along with linkbait search result sites. Pirate software sites are also a major source - not always from the downloads, but often with Javascript exploits right on the page. The unfiltered web is becoming a cesspool of infected links. It's no wonder that users are preferring the safety of "the managed web" through mobile apps.
      Joe_Raby
      • RE: websites with unchecked ad providers

        @Joe_Raby

        Which is why Firefox with 'No Script' and 'Ad Block Plus' are a better way to go.
        fatman65536
  • RE: Which is the most popular malware propagation tactic?

    This report won't say it, but what about the most effective malware propagation method of all? Release unimproved alpha or early beta versions with the name "Microsoft" on them, then fix the bugs that the suckers discover for you!
    orangemike
  • RE: Which is the most popular malware propagation tactic?

    The problem is that you get this crap in your emails and you know that no one is doing anything about it. Law enforcement consists of ignoring attempts to steal from you. What's the use of bearing arms if they're not being used?
    trm1945