By Robert Vamosi
A new Microsoft study finds malware more often targets patched vulnerabilities than those still awaiting a patch (zero-day infections).
Additionally, over the first half of 2011, user downloads and compromised removable drives were more likely to lead to malware infections than any other method.
Microsoft’s latest report on PC Internet security
Microsoft’s Security Intelligence Report, the company’s 11th survey of malware, identified an important shift in the PC-threat landscape. The threats were detected by the Malicious Software Removal Tool (MSRT) during the first half of 2011. Additional data was collected by Microsoft’s Malware Protection Center, Security Response Center, and Digital Crimes Unit, as well as other Microsoft sources.
The typical PC security vulnerability is based on one or more software flaws. Cyber criminals exploit these flaws to do bad things. But not all vulnerabilities lead to exploits, and not all exploits lead to malware.
It may surprise you to learn that zero-day (unpatched) threats are not the ones we should fear the most. Ironically, the cyber criminal’s favorite targets are well-known, already-patched vulnerabilities because — human nature being what it is — we don’t always get around to patching our systems. Our own actions often put us at risk, typically via malware that tricks us into downloading malicious code. We then often compound the problem, spreading the infection through our indiscriminate use of those handy removable-media devices such as USB flash drives.
Bye-bye, drive-by personal-computer infections
In its report, Microsoft catalogued the various ways that malware threats are currently propagated. Many of the report’s findings run counter to what we’ve been told by the antivirus community. For example, the report states that a plurality of the malware threats, 45 percent, require some sort of user interaction — meaning the end user had to download and/or click something to become infected. (The techniques used to trick users into clicking on a malicious link, image, or file are often referred to as social engineering.)
The next-highest malware propagation method — accounting for 26 percent of detected threats — is through the use of Windows’ Autorun, an automatic application-launching system triggered when users insert removable media. Using Autorun over network connections made up another 17 percent of the threats. Combined, that’s 43 percent of all malware threats recorded by Microsoft.