Anti-malware vendors advised about downloaders used to infect PCs
Microsoft is placing makers of downloader software on notice when it sees that their software is being used to infect PCs, and it is telling anti-virus vendors that these downloader programs may need to be tagged as malware.
In its latest Security Intelligence Report, the company notes that the use of previously benign downloaders has increasingly become a means to infect computers with malware, mainly click-fraud programs and ransomware, in which attackers extort money from victims in return for restoring their machines to a usable state.
As part of its industry collaboration, Microsoft shares the data it gathers from its customers about infections with related parties. In this case it tells the downloader makers in hopes they can restrict use of their products to legitimate purposes.
It tells anti-malware vendors so they are aware that certain downloaders represent a threat and should be removed from computers protected by their products, says Holly Stewart, a senior program manager in Microsoft’s Malware Defense Center.
A downloader called Rotbrow was the one most often used to support malicious activity during the last half of 2013, most commonly by downloading a click-fraud app called Sefnit. Before that, Rotbrow didn’t register at all as a tool used by attackers, Stewart says.
Typically the downloaders are bundled with useful freeware, such as software to unzip archives. The downloaders might be used legitimately to download updates to the unzip programs, or to download malware, Stewart says.
The dominant types of malware Microsoft observed being downloaded in this way during the last half of 2013 were Bitcoin miners and click-fraud programs.
Bitcoin miners run in the background of infected computers to confirm and process Bitcoin transactions in exchange for earning Bitcoins. The attacker reaps the Bitcoins earned by the infected computers. Click fraud forces the infected computer’s browser to automatically click on advertisements that earn cash for each click logged. In both cases, a symptom of the infection can be decreased performance of the machine involved.
Microsoft also observed the proliferation of ransomware, with one called Reveton leading the pack and enjoying a 45% rise in use during the last half of 2013, Stewart says. The need to disinfect Microsoft computers of ransomware tripled during the same time period, according to the Security Intelligence Report.
Microsoft measures the prevalence of malware by counting the number of computers cleaned per 1,000 computers that are running Microsoft’s Malicious Software Removal Tool. For ransomware in general, that count rose from 5.6 to 17.8 between the third and fourth quarters of last year, Stewart says.
Ransomware attackers target particular regions with particular ransomware platforms, she says. For example, the one called Crilock is aimed mostly at computers in the U.S. and U.K., while Reveton aims at the likes of Spain, Belgium, Portugal, Hungary and Austria.