Malware Attack Approach: Deceptive Tactics

Tuesday, May 13, 2014 @ 01:05 PM gHale

Deceptive downloads and ransomware are becoming the attack approach for bad guys as a means of earning/stealing money.

At least that is how Microsoft sees it. In its latest Security Intelligence Report, the data gathered via the company’s Malicious Software Removal Tool and real-time protection products reveal that worldwide infection rates and encounter rates in the second half of 2013 have risen considerably.


“More specifically, the infection rate increased from a CCM rate of 5.6 in the third quarter of 2013 to 17.8 in the fourth—a threefold increase, and the largest infection rate increase ever measured by the MSRT between two consecutive quarters. This rise was predominantly affected by malware using deceptive tactics, influenced by three families: Not unfamiliar to readers of this blog: Sefnit, and its related families Rotbrow and Brantall,” MS Malware Protection Center researchers said.

In fact, the latter two, which among other things have downloading and dropping capabilities, have been actively pushing and installing Sefnit, a bot often used for click fraud and Bitcoin mining.

Rotbrow often poses as software protecting users from malicious browser plug-ins (“Browser Protector”), and Brantall usually fronts as an installer for legitimate software programs.

Infection rates on all platforms were many times higher in 4Q13, mainly due to Rotbrow, the researchers said, adding that they should return to more typical levels in 2014.

Another popular malware wielded by the criminals is Wysotot, a family of Trojans that change the start page of the user’s web browser. First detected late last year, Wysotot usually ends up installed by software bundlers that advertise free software or games.

“Ransomware is another type of deceptive tactic that is less prevalent but can be devastating to owners of infected systems,” they said. Reveton, Urausy, and Cryptolocker are still wreaking havoc and stealing money. Infections with the former have increased by 45 percent between the first and second halves of 2013.

But, the use of exploits declined. “First, a decline in web-based threats was seen, followed by a drop in Java exploits,” they said. “Some of this decline correlated with the discovery and subsequent arrest of alleged exploit kit author Paunch, and some of it might have been associated with exploit kit writers varying the exploits they use in their popular kits.”
