Windows 8 and 8.1 Forums

SIRv16: Cybercriminal tactics trend to deceptive measures

  1. #1

    Posts : 22,582
    64-bit Windows 10

    SIRv16: Cybercriminal tactics trend to deceptive measures

    Microsoft’s Security Intelligence Report volume 16 (SIRv16) was released today, providing threat trends on malware encounter rates, infection rates, vulnerabilities, exploits, and more for 110 countries/regions worldwide. The report is designed to help IT and security professionals better protect themselves and their organizations from cyberattacks.

    Malware data is gathered from the Malicious Software Removal Tool (MSRT), which is used to calculate the infection rate (Computers Cleaned per Mille (CCM), and our real-time protection products are used to derive the encounter rate. One of the more notable findings included in the report was an increase in worldwide infection rates and encounter rates. About 21.2 percent of reporting computers encountered malware each quarter in 2013. We also saw an infection rate of 11.7 CCM.

    More specifically, the infection rate increased from a CCM rate of 5.6 in the third quarter of 2013 to 17.8 in the fourth—a threefold increase, and the largest infection rate increase ever measured by the MSRT between two consecutive quarters. This rise was predominantly affected by malware using deceptive tactics, influenced by three families not unfamiliar to readers of this blog: Sefnit, and its related families Rotbrow and Brantall.

    Sefnit, a bot which gives a remote attacker a multitude of options, is often used in connection with activities that help attackers make money—things like click fraud and Bitcoin mining. In fact, Sefnit was first detected because it was leveraging click hijacking, and users reported seeing their searches redirected. Researchers widely believed the Sefnit threat was diminished and it didn’t re-emerge until it started to behave differently, acting like a proxy service and giving attackers the ability to leverage a botnet of Sefnit-hosted proxies to relay web traffic issuing illegitimate “clicks” for online ads.

    These new Sefnit variants operated in the background, evading detection by researchers for a short while. Rotbrow, software that poses as protection from browser plug-ins (“Browser Protector”), and Brantall, which fronts as an installer for some legitimate software programs, were both caught directly installing Sefnit in the second half of the year. Once detection was added, Sefnit became the third most commonly encountered malware family in the third quarter of 2013, dropping down as detections for Rotbrow and Brantall were added to Microsoft security products.

    Once Rotbrow was added to MSRT it went to the top of the charts as the number one threat encountered and cleaned globally in the second half of 2013. In the fourth quarter, Rotbrow was the most commonly encountered malware family with an encounter rate of 5.90 percent.

    Brantall followed as the next most commonly encountered threat, with an encounter rate of 3.55 percent in that same quarter.

    Figure 1: 2013 encounter rates for major threat families in the second half of 2013

    However, deceptive techniques are not limited to these three families.

    Ransomware is another type of deceptive tactic that is less prevalent but can be devastating to owners of infected systems.

    In threat families such as Reveton, Urausy, or the highly publicized Crilock (also known as Cryptolocker), cybercriminals gain control of a user’s computer and lock them out of access to their own files, holding files for ransom and refusing to return control of it or their files until the victim pays a fee. In many instances, control of the computer or files is never returned to the victim, causing them to lose valuable data, pictures, movies, music, etc. Certain cases of ransomware, where local or national "authorities" appeared to warn of an alleged crime committed by the computer user and demand a "fine", were extremely threatening. Many users were so threatened by the fake warnings that they felt they had no choice but to pay the fee. Between the first and second halves of 2013, the top ransomware threat encountered globally, Reveton, increased by 45 percent.

    While there was an increase in deceptive tactics, interestingly, there was a decrease in exploits.

    In the second half of 2013, exploits—particularly Java exploits and web-based threats—declined between the first and second halves of the year. As always, malicious hackers work to vary what they focus on exploiting, ultimately engaging us in a game of whack-a-mole. First, a decline in web-based threats was seen, followed by a drop in Java exploits. Some of this decline correlated with the discovery and subsequent arrest of alleged exploit kit author Paunch, and some of it might have been associated with exploit kit writers varying the exploits they use in their popular kits. You can find more data on exploits and how they trended in SIRv16.

    Figure 2: 2013 exploit encounter rates

    In SIRv16, the Trustworthy Computing security science team has elaborated on exploit trends in its in-depth study of exploits of vulnerabilities in Microsoft products. Markedly, they have identified a 70 percent decline in the number of severe vulnerabilities (those that can enable remote code execution) exploited in Microsoft products between 2010 and 2013.

    As always, the best protection from malware and potentially unwanted software is to keep all your software up-to-date and run a real-time security product such as Microsoft Security Essentials.

    Additional data on deceptive threats as well as much more regional-, platform- and category-specific analysis is available now in Volume 16, which you can download at

    Source: SIRv16: Cybercriminal tactics trend toward deceptive measures - Microsoft Malware Protection Center - Site Home - TechNet Blogs

      My System SpecsSystem Spec

  2. #2

    Hafnarfjörður IS
    Posts : 4,376
    Linux Centos 7, W8.1, W7, W2K3 Server W10

    Hi there

    This is a SIMPLE SCAM that cons 100'000's of users.

    A person with a decent laptop or even a modern smart phone can set up a Wifi access point -- and call it something like XXXX Public Wifi (even from within say a Starbucks coffee shop).

    Now a lot of people will just willy nilly log on to any public wifi service if it looks even remotely OK.

    So the person who's set up the Wi-Fi access point gets all your Bank details / passwords when you logon to that wi-fi network.

    Honestly these sort of scams catch more people out than any amount of computer AV software -- it's a pity that security people simply concentrate on protecting the OS rather than also educating people into the myriads of other ways their security can be compromised.

    Anyway ALWAYS check carefully before using any WIFI public network -- that innocent looking guy using a laptop say in your favourite bar / café *might* not be as innocent as you think. !!

      My System SpecsSystem Spec

SIRv16: Cybercriminal tactics trend to deceptive measures
Related Threads
Deceptive download sites in Chillout Room
I posted that already on the sevenforums. But for those of you who do not visit there, this may be useful information. There is a good article by Anand (HappyAndyK), the owner of the Windows Club, that describes which download sites to avoid and which ones to favor. I think it is worth reading...
Hi there PLEASE web site people can you ensure that web pages don't display like this --seems the latest trend in web page display whatever browser you are using and it's INCREDIBLY ANNOYING when you are trying to read the article. I know that advertising online is an incredibly difficult...
Expert Forecasts More
Read more at source: A close look at how Oracle installs deceptive software with Java updates | ZDNet
It's nothing new, but because of the new Task Manager I started to care about it after installing Windows 8. Normally my internet speed is only about 1 mbps (~8 mbit). Because of that, the task managers' "Network" bar shows wrong percents. I assume that that is because Windows reports wrong wired...
Please delete
Eight Forums Android App Eight Forums IOS App Follow us on Facebook