The number of computers infected with malware increased significantly in the last quarter of 2013, according to the Microsoft Security Intelligence Report (SIR) Volume 16, released on Friday.
This is largely because of the deceptive methods that cybercriminals are increasingly using.
The report gathered data from computers that had Microsoft’s malicious software removal tool, and tabulated how many computer systems encountered and were infected with malware in each quarter of 2013.
In the first three quarters of 2013, the number of computers infected worldwide hovered at around 5 to 5.8 for every 1,000 systems scanned, the report said. In the last quarter of 2013, this number jumped to 17.8.
The local infection numbers are greater than the worldwide figures.
It was revealed that 32.1 of every 1,000 unique computers in the Philippines were infected with malware in the fourth quarter of 2013.
It may be less than one percent, but it is a huge jump from the 14 to 18 per 1,000 computers scanned in the first three quarters of 2013.
One of the biggest causes of this is the worldwide increase in the “bad guys’” use of deceptive tactics, which more than tripled in the last quarter of 2013, said Tim Rains, director of Microsoft’s Trustworthy Computing group, during a forum on Friday.
Decrease in exploit codes, increase in deceptive tactics
Attackers used to exploit vulnerabilities in computer systems in order to hack into them and access the victims’ information and data.
But recently, Rains said, attackers are finding it more difficult to write exploit code for computer systems.
“We’ve been focused on adding more and more mitigation systems over time. We’re having an effect on this because if we look at the data, we see a big drop in the exploitation of our software because it’s getting harder and harder for the bad guys to actually exploit vulnerabilities in the software,” he said.
There was a 70-percent decrease in the number of severe vulnerabilities exploited in Microsoft products between 2010 and 2013, he added during his presentation.
“They’re relying on trickery to get onto the system. So we see a big increase of malware both globally and in the Philippines and greater Asia, a big increase in malware using deception rather than looking at vulnerabilities,” he explained.
Luring victims through free downloads
“What we’re seeing is a big increase in some malware being bundled with free downloads,” Rains said.
One example he gave is rotbrow, free software that “claimed to protect your browser from malicious browser add-ons.”
They thought it was benign, Rains said, so it wasn’t flagged as malicious.
However, months later, rotbrow started distributing sefnit, a family of malware.
“So, all of a sudden, rotbrow is being used to distribute sefnit on millions and millions of systems that rotbrow has been installed on for a period of months,” Rains said.
Almost half of computers in PHL encountered malware
While the number of infected computers is less than one percent of the systems tested by Microsoft, the number of computer systems that encounter malware is much greater.
About 45 percent of the computers scanned in the Philippines by Microsoft’s malicious software removal tool encountered malicious software in the last quarter of 2013.
“Almost half of the computers in the Philippines in the fourth quarter of 2014 encountered malware. That’s a large number. The worldwide average is about 22 percent in any given quarter. In the Philippines, it’s considerably higher.”
The most common category of malware encountered locally in the fourth quarter of 2013 was worms, according to the SIR’s Regional Threat Assessment specific to the Philippines.
Computer worms are malware programs that “can self-replicate on computers or via computer networks without you being aware that your machine has become infected”, according to Kaspersky Lab.
The second most common category is Miscellaneous Trojans, while the third is Trojan Downloaders and Droppers.
Trojans are “malicious programs that perform actions that have not been authorised by the user”, according to Kaspersky Lab. They can delete, block, modify, and copy data or disrupt the performance of computers or computer networks, it added.
Rains said that since almost half of the computers scanned in the Philippines encountered malware, it would pay to apply the necessary security measures in protecting computer systems in order to avoid infection. — JDS, GMA News