{"id":5502,"date":"2014-05-09T12:30:11","date_gmt":"2014-05-09T16:30:11","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=5502"},"modified":"2014-05-09T12:30:11","modified_gmt":"2014-05-09T16:30:11","slug":"malware-infections-tripled-in-late-2013-thanks-to-sneaky-browser-plugin-microsoft-says","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2014\/05\/09\/malware-infections-tripled-in-late-2013-thanks-to-sneaky-browser-plugin-microsoft-says\/","title":{"rendered":"Malware infections tripled in late 2013 thanks to sneaky browser plugin, Microsoft says"},"content":{"rendered":"<p style=\"text-align:center;\"><a href=\"http:\/\/www.pcworld.com\/article\/2152180\/malware-infections-tripled-in-late-2013-microsoft-finds.html\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/05\/piracy_malwar-100008629-large.jpg\" alt=\"\" \/><\/a><\/p>\n<p>A three-fold increase in Microsoft Windows computers infected with malicious software in late 2013 came from an application that was for some time classified as harmless by security companies.<\/p>\n<p>The finding comes as part of Microsoft\u2019s latest biannual Security Intelligence Report (SIR), released on Wednesday, which studies security issues encountered by more than 800 million computers using its security tools.<\/p>\n<p>In the third quarter of 2013, an average of 5.8 Windows computers out of every 1,000 were infected with malware, said Tim Rains, director of Microsoft\u2019s Trustworthy Computing division, which tracks security trends targeting the company\u2019s widely used products. That jumped to about 17 computers per 1,000 for the last quarter of the year.<\/p>\n<p>Rains attributed the rise to malware called \u201cRotbrow.\u201d The program masquerades as a browser add-on called \u201cBrowser Protector\u201d and is supposedly a security product, Rains said by phone Wednesday. Rotbrow was found on about 59 of every 1,000 computers using its security products, he said.<\/p>\n<p>For some time, computer security companies didn\u2019t classify Rotbrow as malicious software. Rotbrow is known as a \u201cdropper,\u201d with capabilities to download other software on a computer. It didn\u2019t initially download malware to computers it was installed on, Rains said.<\/p>\n<p>But then Rotbrow started downloading malicious browser extensions. Microsoft noticed the change and alerted other security companies, which then began blocking it.<\/p>\n<p>The tactic, which had been used by fake antivirus programs in the past, meant that Rotbrow was already installed on a huge number of computers.<\/p>\n<p>Malware virus<\/p>\n<p>\u201cI would characterize it as a low and slow attack,\u201d Rains said. \u201cThey were patient and waited a long time before they started to distribute malicious stuff. I think they gained a lot of people\u2019s trust over time.\u201d<\/p>\n<p>Rotbrow often distributes Sefnit, a type of malicious botnet code, which can subsequently download other harmful programs to a computer such as those involved in click fraud. Sefnit has also been linked to \u201cransomware,\u201d which is malware that encrypts a person\u2019s files and demands payment.<\/p>\n<p>Microsoft added detection for Rotbrow in its Malicious Software Removal Tool (MSRT) last December after it raised suspicion.<\/p>\n<p>Safer overall<\/p>\n<p>Overall, Microsoft\u2019s latest report concluded that security improvements in Windows such as ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention) have made it much more difficult to exploit known vulnerabilities. The report also said the number of vulnerabilities in Microsoft products that can be remotely exploited has fallen by 70 percent between 2010 and 2013.<\/p>\n<p>\u201cWe are really trying to raise the cost of exploitation,\u201d Rains said. \u201cIt\u2019s not impossible to exploit, just hard. They have to put in the extra time, extra cost.<\/p>\n<p>As a result, attackers are increasingly trying to just trick people into downloading their malware by bundling it with legitimate programs or music, he said.<\/p>\n<p>The latest report does not include data on the zero-day vulnerability in Internet Explorer that Microsoft released an emergency patch for on Monday. The flaw, which affects IE 6 through IE 11, could allow attackers to execute code remotely on a compromised computer if the user views an infected webpage using the browser.<\/p>\n<p>Rains said \u201ctime will tell\u201d if its next report shows a rise in infections due to the bug. But Microsoft believes the quick release of a patch and fact users have to be lured to a malicious website mitigates the risk.<\/p>\n<p>\u201cI don\u2019t think we will see an uptick [in infections] given the quick response and the type of vulnerability that is,\u201d Rains said.<\/p>\n<p>via <a href=\"http:\/\/www.pcworld.com\/article\/2152180\/malware-infections-tripled-in-late-2013-microsoft-finds.html\" target=\"_blank\">Malware infections tripled in late 2013 thanks to sneaky browser plugin, Microsoft says | PCWorld<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A three-fold increase in Microsoft Windows computers infected with malicious software in late 2013 came from an application that was [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[5,7,11],"tags":[342,655],"class_list":["post-5502","post","type-post","status-publish","format-standard","hentry","category-microsoft","category-security","category-windows","tag-exploits","tag-malware"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-1qK","jetpack-related-posts":[{"id":3156,"url":"https:\/\/nccomputertech.com\/techtalk\/2013\/08\/09\/hand-of-thief-banking-trojan-doesnt-do-windows-but-it-does-linux\/","url_meta":{"origin":5502,"position":0},"title":"\u201cHand of Thief\u201d banking trojan doesn\u2019t do Windows\u2014but it does Linux","author":"NCCT","date":"August 9, 2013","format":false,"excerpt":"Signaling criminals' growing interest in attacking non-Windows computers, researchers have discovered banking fraud malware that targets people using the open-source Linux operating system. Hand of Thief, which was recently discovered by researchers from security firm RSA, sells for about $2,000 in underground Internet forums and boasts its own support and\u2026","rel":"","context":"In &quot;Linux&quot;","block_context":{"text":"Linux","link":"https:\/\/nccomputertech.com\/techtalk\/category\/linux\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2013\/08\/hand-of-thief-640x294.jpg?resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2013\/08\/hand-of-thief-640x294.jpg?resize=350%2C200 1x, https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2013\/08\/hand-of-thief-640x294.jpg?resize=525%2C300 1.5x"},"classes":[]},{"id":5750,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/06\/11\/one-click-test-finds-gameover-zeus-infections-on-pcs\/","url_meta":{"origin":5502,"position":1},"title":"One-click test finds Gameover Zeus infections on PCs","author":"NCCT","date":"June 11, 2014","format":false,"excerpt":"Users can test by simply visiting a Web page if their computers have been infected with Gameover Zeus, a sophisticated online banking Trojan that law enforcement officers temporarily disrupted last week. The one-click test was developed by security researchers from antivirus vendor F-Secure and takes advantage of the malware\u2019s aggressive\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":9168,"url":"https:\/\/nccomputertech.com\/techtalk\/2017\/05\/21\/fix-for-wannacry\/","url_meta":{"origin":5502,"position":2},"title":"Fix for WannaCry","author":"NCCT","date":"May 21, 2017","format":false,"excerpt":"https:\/\/www.youtube.com\/watch?v=Llf04BW5v3A Megan Morrone talks to Iain Thomson about a possible fix for those infected with the Wannacry ransomware. Researchers have found a fix to unlock affected computers. The tool called wannakiwi allows you to avoid paying the bitcoin ransom, but only if you're running Windows XP, Windows 7, and Windows\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/Llf04BW5v3A\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":8453,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/07\/07\/zeusvm-malware-building-tool-leak-may-cause-botnet-surge\/","url_meta":{"origin":5502,"position":3},"title":"ZeusVM malware building tool leak may cause botnet surge","author":"NCCT","date":"July 7, 2015","format":false,"excerpt":"The Internet could see a new wave of botnets based on the ZeusVM banking Trojan after the tools needed to build and customize the malware program were published online for free. The source code for the builder and control panel of ZeusVM version 2.0.0.0 was leaked sometime in June, according\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":6142,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/08\/06\/department-of-homeland-security-warns-retailers-of-backoff-pos-malware-techspot\/","url_meta":{"origin":5502,"position":4},"title":"Department of Homeland Security warns retailers of &#8216;Backoff&#8217; POS malware &#8211; TechSpot","author":"NCCT","date":"August 6, 2014","format":false,"excerpt":"The Department of Homeland Security yesterday issued an alert about a point-of-sale malware that was used in a string of recent attacks by cyber criminals. Dubbed Backoff, the malware has been witnessed on at least three separate forensic investigations since late 2013 and continues to operate today. According to US-CERT,\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":7150,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/12\/17\/russian-malware-targets-wordpress-users-over-100000-sites-infected\/","url_meta":{"origin":5502,"position":5},"title":"Russian malware targets WordPress users, over 100,000 sites infected","author":"NCCT","date":"December 17, 2014","format":false,"excerpt":"Our blog was not affected...NCCT. A Russian malware dubbed SoakSoak has infected nearly 100,000 WordPress websites since Sunday, prompting Google to blacklist over 11,000 of those domains (the number is increasing), according to a report from cybersecurity firm Sucuri. The malware exploits a previously-known vulnerability in a WordPress plugin called\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/5502","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=5502"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/5502\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=5502"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=5502"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=5502"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}