Recently the Microsoft Trustworthy Computing group released their Microsoft Security Intelligence Report covering the first half of 2012. It is interesting to look at where most malware comes from and what has been the most vulnerable software.
The most prevalent method of malware distribution according to Microsoft had been what they call “unsecure distribution chains.” Fallowing in this category are websites that distribute “free software”, both legal and not legal. Some of the popular software names listed by Microsoft as containing malware include:
- SonyVegasPro Patch.exe
- Nero Multimedia Suite 10 – Keygen.exe
- Guitar Pro v6.0.7+Soundbanks+Keygen(Registered) [ kk ].rar
They also listed a number of movie named files that contained Malware, including:
- The Avengers 2012 720p BDRip QEBS7 AAC20 MP4-FASM.avi
- Prometheus 2012 DVDRip.avi
- Wrath of the Titans 2012 DVDRip aXXo.avi
- Battleship 2012 DVDRip.avi
- What to Expect When You’re Expecting 2012.BRRip.XviD-KAZAN.avi
- The Hunger Games 2012 TRUE FRENCH DVDRIP XViD FiCTiON L S79.avi
- The Five-Year Engagement 2012 HDRip XviD-HOPE.avi
- Project X 2012 TRUE FRENCH DVDRIP XViD FiCTiON L S79.avi
- Amazing SpiderMan 2012 DVDRiP XviD.avi
When looking at what got attacked by malware, the report notes that of the 3 categories, core operating systems, browsers and applications, most malware attacked applications and least attacked were core operating systems, In the application category, Java and Java Script were by far the most attacked, followed by Adobe readers and Adobe flash.
What was even more interesting is that when looking at the implementation of updates of these four applications, over 50% of users were missing the latest updates. In the case of Java, over 90% of users did not have the latest updates installed.
Looking at infections by operating system, Windows XP had the highest percentage of infections at 9.5% of estimated installed computers while Windows 7 SP1 64-bit had the lowest at 3.1%.
So what should a user learn from this report?
- Be careful what you download. You may get more than you asked for.
- Install your updates. Not just Microsoft ones but Java and Adobe are key.
- Run a current operating system. The newer the OS, the less likely you are to get infected. Remember, support for Windows XP ends April, 2014.