{"id":5502,"date":"2014-05-09T12:30:11","date_gmt":"2014-05-09T16:30:11","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=5502"},"modified":"2014-05-09T12:30:11","modified_gmt":"2014-05-09T16:30:11","slug":"malware-infections-tripled-in-late-2013-thanks-to-sneaky-browser-plugin-microsoft-says","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2014\/05\/09\/malware-infections-tripled-in-late-2013-thanks-to-sneaky-browser-plugin-microsoft-says\/","title":{"rendered":"Malware infections tripled in late 2013 thanks to sneaky browser plugin, Microsoft says"},"content":{"rendered":"<p style=\"text-align:center;\"><a href=\"http:\/\/www.pcworld.com\/article\/2152180\/malware-infections-tripled-in-late-2013-microsoft-finds.html\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/05\/piracy_malwar-100008629-large.jpg\" alt=\"\" \/><\/a><\/p>\n<p>A three-fold increase in Microsoft Windows computers infected with malicious software in late 2013 came from an application that was for some time classified as harmless by security companies.<\/p>\n<p>The finding comes as part of Microsoft\u2019s latest biannual Security Intelligence Report (SIR), released on Wednesday, which studies security issues encountered by more than 800 million computers using its security tools.<\/p>\n<p>In the third quarter of 2013, an average of 5.8 Windows computers out of every 1,000 were infected with malware, said Tim Rains, director of Microsoft\u2019s Trustworthy Computing division, which tracks security trends targeting the company\u2019s widely used products. That jumped to about 17 computers per 1,000 for the last quarter of the year.<\/p>\n<p>Rains attributed the rise to malware called \u201cRotbrow.\u201d The program masquerades as a browser add-on called \u201cBrowser Protector\u201d and is supposedly a security product, Rains said by phone Wednesday. Rotbrow was found on about 59 of every 1,000 computers using its security products, he said.<\/p>\n<p>For some time, computer security companies didn\u2019t classify Rotbrow as malicious software. Rotbrow is known as a \u201cdropper,\u201d with capabilities to download other software on a computer. It didn\u2019t initially download malware to computers it was installed on, Rains said.<\/p>\n<p>But then Rotbrow started downloading malicious browser extensions. Microsoft noticed the change and alerted other security companies, which then began blocking it.<\/p>\n<p>The tactic, which had been used by fake antivirus programs in the past, meant that Rotbrow was already installed on a huge number of computers.<\/p>\n<p>Malware virus<\/p>\n<p>\u201cI would characterize it as a low and slow attack,\u201d Rains said. \u201cThey were patient and waited a long time before they started to distribute malicious stuff. I think they gained a lot of people\u2019s trust over time.\u201d<\/p>\n<p>Rotbrow often distributes Sefnit, a type of malicious botnet code, which can subsequently download other harmful programs to a computer such as those involved in click fraud. Sefnit has also been linked to \u201cransomware,\u201d which is malware that encrypts a person\u2019s files and demands payment.<\/p>\n<p>Microsoft added detection for Rotbrow in its Malicious Software Removal Tool (MSRT) last December after it raised suspicion.<\/p>\n<p>Safer overall<\/p>\n<p>Overall, Microsoft\u2019s latest report concluded that security improvements in Windows such as ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention) have made it much more difficult to exploit known vulnerabilities. The report also said the number of vulnerabilities in Microsoft products that can be remotely exploited has fallen by 70 percent between 2010 and 2013.<\/p>\n<p>\u201cWe are really trying to raise the cost of exploitation,\u201d Rains said. \u201cIt\u2019s not impossible to exploit, just hard. They have to put in the extra time, extra cost.<\/p>\n<p>As a result, attackers are increasingly trying to just trick people into downloading their malware by bundling it with legitimate programs or music, he said.<\/p>\n<p>The latest report does not include data on the zero-day vulnerability in Internet Explorer that Microsoft released an emergency patch for on Monday. The flaw, which affects IE 6 through IE 11, could allow attackers to execute code remotely on a compromised computer if the user views an infected webpage using the browser.<\/p>\n<p>Rains said \u201ctime will tell\u201d if its next report shows a rise in infections due to the bug. But Microsoft believes the quick release of a patch and fact users have to be lured to a malicious website mitigates the risk.<\/p>\n<p>\u201cI don\u2019t think we will see an uptick [in infections] given the quick response and the type of vulnerability that is,\u201d Rains said.<\/p>\n<p>via <a href=\"http:\/\/www.pcworld.com\/article\/2152180\/malware-infections-tripled-in-late-2013-microsoft-finds.html\" target=\"_blank\">Malware infections tripled in late 2013 thanks to sneaky browser plugin, Microsoft says | PCWorld<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A three-fold increase in Microsoft Windows computers infected with malicious software in late 2013 came from an application that was [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[5,7,11],"tags":[342,655],"class_list":["post-5502","post","type-post","status-publish","format-standard","hentry","category-microsoft","category-security","category-windows","tag-exploits","tag-malware"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-1qK","jetpack-related-posts":[{"id":9655,"url":"https:\/\/nccomputertech.com\/techtalk\/2021\/03\/09\/fuquay-varina-and-holly-springs-computer-repair\/","url_meta":{"origin":5502,"position":0},"title":"Fuquay Varina and Holly Springs Computer Repair","author":"NCCT","date":"March 9, 2021","format":false,"excerpt":"Welcome to our blog. NC Computer Tech services Fuquay Varina, Holly Springs, and surrounding NC areas. We offer prompt, professional, courteous service with over twenty years of experience dealing with residential and small business clients offering them solutions and fixing their computer and network issues at reasonable rates. Our services\u2026","rel":"","context":"In &quot;Technology&quot;","block_context":{"text":"Technology","link":"https:\/\/nccomputertech.com\/techtalk\/category\/technology\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":9930,"url":"https:\/\/nccomputertech.com\/techtalk\/2025\/05\/16\/fbi-says-toss-your-old-router\/","url_meta":{"origin":5502,"position":1},"title":"FBI Says Toss Your Old Router","author":"NCCT","date":"May 16, 2025","format":false,"excerpt":"https:\/\/youtu.be\/scR199zRjvA On Security Now, Steve talks about the FBI's suggestion that we should be tossing out our old routers.","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/scR199zRjvA\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9884,"url":"https:\/\/nccomputertech.com\/techtalk\/2024\/12\/08\/how-emergency-vehicle-lights-can-trigger-digital-epileptic-seizures-in-self-driving-cars\/","url_meta":{"origin":5502,"position":2},"title":"How Emergency Vehicle Lights Can Trigger Digital Epileptic Seizures in Self-Driving Cars","author":"NCCT","date":"December 8, 2024","format":false,"excerpt":"https:\/\/youtu.be\/GVJSZAcXPqU In this segment from Security Now episode 1003, Steve Gibson and Leo Laporte explore the fascinating research revealing how emergency vehicle lights can induce \"digital epileptic seizures\" in self-driving cars, potentially leading to accidents. Watch the full episode for more on Microsoft's AI training practices, the Tor network's call\u2026","rel":"","context":"In &quot;Technology&quot;","block_context":{"text":"Technology","link":"https:\/\/nccomputertech.com\/techtalk\/category\/technology\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/GVJSZAcXPqU\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9902,"url":"https:\/\/nccomputertech.com\/techtalk\/2025\/02\/11\/tpm-2-0-is-not-required-for-windows-11\/","url_meta":{"origin":5502,"position":3},"title":"TPM 2.0 Is Not Required for Windows 11","author":"NCCT","date":"February 11, 2025","format":false,"excerpt":"https:\/\/youtu.be\/yjjCbOOpREg On Security Now, Steve Gibson talks about Microsofrt dropping the TPM 2.0 requirement from Windows 11.","rel":"","context":"In &quot;Microsoft&quot;","block_context":{"text":"Microsoft","link":"https:\/\/nccomputertech.com\/techtalk\/category\/microsoft\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/yjjCbOOpREg\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9330,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/04\/03\/security-now-657-protonmail\/","url_meta":{"origin":5502,"position":4},"title":"Security Now 657: ProtonMail","author":"NCCT","date":"April 3, 2018","format":false,"excerpt":"https:\/\/youtu.be\/OeSZg-ph3Ns This week we discuss \"DrupalGeddon2\", Cloudflare's new DNS offering, a reminder about GRC's DNS Benchmark, Microsoft's Meltdown meltdown, the persistent iOS QR Code flaw and its long-awaited v11.3 update, another VPN user IP leak, more bug bounty news, an ill-fated-seeming new eMail initiative, Free electricity, a policy change at\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/OeSZg-ph3Ns\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9405,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/10\/07\/odorless-and-weightless-hackers-this-week-in-tech-687\/","url_meta":{"origin":5502,"position":5},"title":"Odorless and Weightless Hackers &#8211; This Week in Tech 687","author":"NCCT","date":"October 7, 2018","format":false,"excerpt":"https:\/\/youtu.be\/lb4rnqfNdas Chinese Spy Chips, Microsoft Highs and Lows, Pixel 3 Event Predictions, and More! Bloomberg reports that China used tiny chips to spy on Apple, Amazon, and the US government. Apple and Amazon deny it. How do we know who is right? All the news from the Microsoft Surface event,\u2026","rel":"","context":"In &quot;Apple&quot;","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/lb4rnqfNdas\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/5502","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=5502"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/5502\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=5502"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=5502"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=5502"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}