Microsoft report: Downloaded malware exploded in late 2013

Summary: Better security in software has forced attackers to rely more on deceptive practices, tricking people rather than software, according to Microsoft's latest Security Intelligence Report.


In the newest edition of their Security Intelligence Report, covering the second half of 2013, Microsoft says that their investments of more than ten years in secure development practices have been paying off: Between 2010 and 2013, the number of severe vulnerabilities exploited in Microsoft products decreased by 70%. That's the good news.

The bad news is that malicious actors have compensated by increasing their use of deceptive tactics, which more than tripled in the last quarter of 2013. The main tactic is an old one: bundling malicious software with downloads the user initiates. Typical lures are fake security software, codecs and the like; along with the software they asked for, users get infected with malware.

Deceptive downloads were one of the top ten threats in 105 of the 110 countries or regions worldwide studied by Microsoft. More than six of every 100 systems worldwide encountered such a download in the fourth quarter of 2013.

By far the most prevalent malware in use late last year was what Microsoft calls Rotbrow. Microsoft says that one common way it is installed is bundled with Babylon Toolbar, a browser toolbar that translates content between languages and which Microsoft says is "clean." It also masquerades as browser security software and codecs. The payloads vary, but common applications are click fraud and Bitcoin mining.

Brantall is another threat installed via deceptive download that made a splash late in 2013. Microsoft has seen this threat installed via claimed downloads of these legit programs:

  • 77Zip
  • Best Codecs Pack
  • eType
  • PC doer
  • RocketPDF
  • Speed Analysis
  • Video doer

Mostly because of Rotbrow and Brantall, the number of computers that had to be disinfected more than tripled from the third to fourth quarters of 2013.

Microsoft also discusses ransomware in the report. They say that ransomware is not especially prevalent compared to other threats, but when it hits a user it can be devastating. The top ransomware threat, Reveton, increased 45 percent between the first and second halves of 2013. Another common strain was Urausy. Both purport to be from legitimate law enforcement and intimidate the user into compliance.

Microsoft stresses that users should not pay the ransom for ransomware. Doing so does not necessarily remove the threat and, having established yourself as willing to pay, the attackers may come back again. Microsoft and others have free tools for removing many of these threats.

  • Cnet Downloads is one of the worst

    What used to be a good place for downloads has turned into a tangled web of treachery and unwanted downloads. I can't speak to ZDNet's downloads as I haven't used it but if it's anything like the sister site ...

    just beware.
    • None of the mentioned malware vectors is found on CNET downloads...

      Not sure what your point is - the article topic is malware, not adware or crapware. Sure, CNET downloads might have some stuff trying to sell you something, but I don't think you'll find ransomware or other criminal activity there. Please provide specifics - what have you found on CNET downloads that is criminal or destructive?
      • CNET doesn't do malware?


        The fact that CNET tries to distract you from the file you are actually trying to download and instead get you downloading some browser search bar, or something from McAfee, puts them on my list of malware distributors. The fact that they bundle your download with more rubbish you didn't want or ask for bumps them up the list further. The fact that you cannot just "add/remove programs" to get rid of whatever they have unethically foisted upon you means it is malware.

        It spies on the user. It intercepts web traffic. It tells someone else what the user is doing. It tries to hide itself from the user. These are not an appropriate set of behaviours for a properly designed, civilised application.

        You may not consider this behaviour to be "criminal", but the distinction between criminal and non-criminal is extremely blurred when it comes to the Internet - just ask Aaron Swartz. Oh, wait - you can't!

        There are many behaviours that have been criminalised that should not have been, and there are many extremely unethical behaviours that should either be criminalised or subject to civil complaint. I expect one of these days we will see users sue CNET and/or Tucows, and possibly throw Adobe into the mix - for the damage they caused to users by surreptitiously adding garbage to the legitimate programs they provide. Those companies will say "but we told the user...", and will find that inadequate advice is just as useless in their defence as no advice at all.

        Companies are already getting in trouble for "user agreements" that are incomprehensible to the average user. Expecting the "reasonable person" to understand, for example, that if you don't thoroughly review absolutely every message you receive when trying to download a particular program you give the company carte blanche to see everything you do on the Internet, is unlikely to wash. Confusing "No" and "Yes" answers so people need to think very closely about how to "correctly" answer each prompt is also a tactic that will cause trouble at some point. And having a "default" install that includes malware and spyware unless the user wants to go with the "advanced" install will definitely get companies into trouble.

        This behaviour is totally unethical. Think about that when you look at a company's prospectus, and measure its values against its actions.
    • Agreed, greywolf

      I have rescued more computers from infections caused by downloads from CNET than any other single website. They are now on my DO NOT TOUCH list for people. Another one that has gone to the dark side is Tucows.
      • Avoid CNET downloads

        I don't download much software anymore because of the threats, but recently downloaded software from CNET because I thought surely... of all places... they MUST have screened their software carefully. Nope, it had malware on it. Avoid.
    • O won't do CNET downloads either

      Even if there is no malware they seem to be always trying to load you up with crapware. All courtesy of that downloader they force you to use. If I see a download list I'll always select another site than CNET and if I can't then I won't take the download.
      • that heading should read

        I won't do CNET downloads either

        why do they put certain keys next to each other?
  • For the life of me...

    I don't understand why the adware and malware from the Perion Network doesn't get more press. From my perspective, their adware suite is the number one vector for virus and spyware infections. Easily 99% of infected computers that come into my shop have some flavor of 'conduit' or 'search protect' and their ilk. Their crapware piggybacks on 'free' products/offers, which is why I always advise that nothing is free on the internet, and uncheck those silly little pre-selected checkboxes. Beware.
  • Someone is Late to the Party

    I have been disinfecting residential PCs for 12+ years north of Charlotte, North Carolina.

    Over the years the virus/malware/trojan/adware/etc mix has changed.

    Until about 2008, the Windows operating systems were the target of malware. Over time, I used many reputable anti-malware programs to clean (disinfect). Around 2010 I ran into ransomware and serious infestations, which I could remove. Yes, I agree that most malware is user initiated.

    Over the past three years as Windows versions have hardened, we have detected fewer trojans. Now most infestations install within the BROWSERS (IE, Chrome, and Firefox). Namely toolbars, plug-ins, add-ons, and extensions that sneak in via bad clicks by the user. I agree that they are bundled by disreputable third-parties such as Babylon/Conduit. I have a list of 100 Bad Stuff from Bad Guys, which includes bundled ADware which bogs down browsing activity. (common complaint: "My computer is slow").

    We remove the Bad Stuff using Malwarebytes Antimalware, REVO, browser options, Autoruns, SuperAntispyware and Spybot. The Bad Stuff resides in the browser, programs, files/folders and registry. It is not uncommon to get several hundred threats detected. It is important to note that most ANTI-VIRUS PROGRAMS FAIL TO DETECT/PREVENT this kind of threat (sneak-in adware). Sort of confirms what the Symantec/Norton announcement said yesterday.

    I am amazed with the article above that MSFT believes the malware & adware threats 'exploded' in late 2013. That is an untrue assessment. Where have they been?

    The other point to be made is that the browsers are the vulnerable point for sneakware. I wish more articles addressed the weakness of the browsers. (I wonder if Safari gets intruded with bundled sneakware.) Another point: Outdated versions of Java, Adobe Reader and Flash are frequent exploitable targets...browser enabled programs.

    Recently, I, an experienced user, was tricked into downloading the wrong, a reputable program. The Bad Guys are deceptive and, so are the sleazy middlemen placing the ads and download links. It is time to clean up your advertising links.

    THE FIX: Harden the browsers to cure the proliferation of sneaky adware.
    • Macs Are Gold Mines for Browser Infections

      70% of the users at a resident facility I work at use Macs. 90% of these users despise patching and upgrading their Macs, because "it breaks their system", or so they believe. I find the masses that use Macs (not the Mac geeks) have been led to believe they are immune to infection and don't follow any safe computing practices. So I'm guessing Safari is wonderland for malware.
    • Their data is good

      Most of Microsoft's data comes, I suspect, from the Malicious Software Removal Tool, which runs on 100 zillion systems once a month.
    • Windows did not get "hardened" over the past 3 yrs

      Not only does the NIST's National Vulnerability Database show this, but even this Microsoft report shows this if you look closely at its charts.
  • Downloaded malware

    This has always been a problem. The easiest way to infect a machine is to have the user do it for you. Thus, the standard advice about not clicking on unknown/unexpected attachments.
    • You're Spot On

      Unfortunately this message goes nowhere. This is because the user is ignorant, illiterate, or uncaring. And if you believe that statement is true, then you may also believe the end user deserves what they get, but in many cases it's a child doing the clicking on the home/parent's computer.
  • Look at how much malware is starting to show in Android

    I would bet the vast majority is downloaded by clueless users that think Android is safe because it isn't Microsoft.

    Use a proxy with a default deny policy and run users in regular user mode so that they can't do that in the Enterprise. Good luck fixing that in the home users.
  • One of the best security devices .....

    sits between the user's ears. BUT IT HAS TO BE TURNED ON.

    If the average user just did a 'mouse over' on all the links he/she is considering using and checks the status bar at the bottom of the browser window, many hours of repairs could be saved.
    NEVER click on a link that does not point back at the site you are visiting. EVER!
    Be it a website or an email, check those links!!!!
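The "mouse over every link and read the status bar" advice above, as an added example that is not from the article or the commenter: a small audit that applies the same two checks to every anchor in a page fragment at once, flagging links that leave the current site and links whose visible text names a different host than the one the href actually points to. The regex-based anchor extraction and the sample HTML are constructed for this example.

```javascript
// Added example (not from the article or its comments): flag anchors that
// (a) leave the site the user is on, or (b) show one host in their text but
// point somewhere else. These are the two things the status-bar check catches.

// Matches <a ...href="..."...>text</a>. Sufficient for the constructed sample
// below; it is not a general HTML parser.
const ANCHOR_RE = /<a\b[^>]*\bhref\s*=\s*["']([^"']*)["'][^>]*>([\s\S]*?)<\/a>/gi;

// Hostname of a string that looks like a URL or a www. domain, else null.
function hostOf(text, base) {
  const t = text.trim();
  if (!/^(https?:\/\/|www\.)/i.test(t)) return null;
  try {
    return new URL(t.startsWith('www.') ? 'http://' + t : t, base).hostname.toLowerCase();
  } catch {
    return null;
  }
}

// Returns [{ href, text, reasons }] for every anchor worth a second look
// before clicking. pageUrl is the page the fragment was served from.
function auditLinks(html, pageUrl) {
  const pageHost = new URL(pageUrl).hostname.toLowerCase();
  const findings = [];
  for (const m of html.matchAll(ANCHOR_RE)) {
    const [, href, rawText] = m;
    const text = rawText.replace(/<[^>]+>/g, '').trim(); // drop inner tags
    let target;
    try {
      target = new URL(href, pageUrl); // resolves relative hrefs too
    } catch {
      findings.push({ href, text, reasons: ['unparseable href'] });
      continue;
    }
    const targetHost = target.hostname.toLowerCase();
    const reasons = [];
    if (targetHost !== pageHost) reasons.push(`leaves ${pageHost} for ${targetHost}`);
    const shownHost = hostOf(text, pageUrl);
    if (shownHost && shownHost !== targetHost)
      reasons.push(`text shows ${shownHost} but points to ${targetHost}`);
    if (reasons.length) findings.push({ href: target.href, text, reasons });
  }
  return findings;
}

// Constructed sample: three download links as a page might present them.
const SAMPLE_HTML = `
<p><a href="/files/setup.exe">Download</a></p>
<p><a href="http://cdn.example.net/Setup_Installer.exe">www.example.com/download</a></p>
<p><a href="https://mirror.example.org/setup.exe"><b>Mirror</b></a></p>`;
```

Running `auditLinks(SAMPLE_HTML, 'https://www.example.com/download')` flags the second link twice (off-site and mismatched text) and the third once (off-site); the first, a same-site relative link, passes.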
  • Is malware even a useful label?

    There seems to be some confusion in just these few responses about what undesirable software should be called. The article seems to be discussing what we used to call (probably also inaccurately) viruses, but the responses lump in unethical, but probably not illegal "crapware" with the more malevolent stuff.

    I suspect that many antivirus programs do not detect everything we do not want on our systems because the internet business community is, like the general business community, immune from ethical considerations. If no one is actually going to jail for tricking you into installing some advertising or activity monitoring, or redirecting, or annoying software, then it must be considered a legitimate business practice. It may annoy the heck out of you, or use up CPU cycles, or invade your privacy, but hey, that's just business right?

    I wonder if there is not also some fear that by labeling things like tracking cookies as threats, the big antivirus companies fear they may be liable to action for libel or tortious interference with the business of the people who plant this crap.
  • This is GOOGLE!

    They lost their Alexa rank of 1 after Microsoft and the FBI shut down a BOTNET of over a million computers. They will not lose that Alexa Rank again. So expect rampant MALWARE. This click Google site and keeps the comscore search engine market high so they can pad their bottom line. GOOGLE IS NOT AS POPULAR AS IT SEEMS. THEY CHEAT!
  • Best Site For Free/Trialware Downloads

    The best site to download free software or trialware is Ninite:

    Not only are the downloads certified virus-free, but free of the usual add-ons that people inadvertently install along with programs (example: you can download Acrobat Reader without the McAfee virus scanner).

    Another benefit is the ability to download and install multiple programs at once as a single executable without any user intervention. Updating to the latest version of the programs is as simple as re-running the executable again. If you already have the latest version of the program, Ninite skips downloading and installing it.
  • And Windows 8.x gained market share