Feeds

Win7 machines harder hit by infection as VXers change tactics

Java-based exploits and phishing on social networks dominate

Securing Web Applications Made Simple and Scalable

Win7 infection rates rose during the second half of 2010 even as malware hit rates on XP machines declined, according to official statistics from Microsoft.

The latest edition of Microsoft's Security Intelligence Report shows an infection rate of four Win7 PCs per 1,000 in the second half of 2010, up from three Win7 PCs per 1,000 during the first half of 2010. The rise of more than 30 per cent contrasts with a drop of the infection rate, albeit from a much higher starting point, for older and less secure machines running Windows XP. Both figures were taken from scans using Microsoft's Malicious Software Removal Tool (MSRT).

Infection rates for Win XP SP3 machines fell from around 18 per 1,000 to 14 per 1,000 PCs. Machines running XP SP3 fared better than computers running only XP SP2, where infection rates dropped from around 20 per 1,000 to 18 per 1,000 over the same period. Infection rates on Vista machines also dropped from around 11 per 1,000 to 10 per 1,000 or slightly less, for machines running SP2.

As Microsoft points out, Win7 machines have more built-in security protection and are more immune from security attacks than machines running Vista or Win XP. However this security performance boost is decreasing, possibly as a result in a change of tactics by malware-peddling baddies.

Microsoft records a massive fourteen-fold rise in Java-based attacks during Q3 2010, as miscreants sought to exploit a pair of vulnerabilities prevalent at the time. These two vulnerabilities (CVE-2008-5353 and CVE-2009-3867) accounted for 85 per cent of all Java exploits detected in the second half of 2010. Operating system exploits, which have declined over recent months, increased significantly in Q3 2010, primarily because of exploitation of two Windows vulnerabilities, Redmond's security watcher notes.

The period also saw an enormous increase of 1,200 per cent in phishing using social networking as the lure, as social networks become lucrative hotbeds for criminal activity. Phishing using social networking as a lure increased from a low of 8.3 per cent of all phishing attacks in January to a high of 84.5 per cent in December 2010.

In addition, the Security Intelligence Report also charts a big rise in adware-based attacks. Two new strains of adware, JS/Pornpop and Win32/ClickPotato, were major contributors to this increase. Both strains of malware generate pop-ups on infected machines. In the case of Pornpop these pop-ups advertise smut sites.

Microsoft's full 89-page report can be downloaded here. ®

The smart choice: opportunity from uncertainty

More from The Register

next story
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.