Microsoft: Cybercriminals prey on bargain hunting browsers
This month, Microsoft released volume 13 of its Security Intelligence Report (SIRv13), which frames the global cybersecurity landscape during the first half of 2012 using data gathered from more than 600 million systems across more than 100 countries. Although the report confirmed progress in several areas, the numbers also revealed several concerning trends in how web users contract malware infections while searching for free software downloads.
Cybercriminals target those trying to game the system
One of the Internet's greatest qualities is its ability to provide affordable access to, and sharing of, information, ideas and media of all kinds. Unfortunately, this notion is not lost on cybercriminals. Oftentimes, they will lay their traps in and around the free software and similarly attractive deals that web users naturally gravitate toward. And while targeting bargain hunting browsers is not necessarily a new tactic, according to Microsoft program manager Joe Blackbird, these social engineering schemes are becoming an increasingly popular avenue for malware distribution.
One of the key trends identified by Microsoft Internet security researchers involved users downloading software key generators (KeyGens) that effectively crack or unlock licenses to permit free use beyond initial trial periods. Cybercriminals have been inserting themselves between users and the media they are looking for by either creating fraudulent copies of the program or bundling in hidden malware along with the software downloads.
According to Microsoft, more than three-quarters of machines running KeyGen programs were also exposed to dangerous malware. This co-infection rate is approximately 10 percent higher than the average for all other software families.
"KeyGen detections have increased by a factor of 26 since the first half of 2010. The most recent surge is largely due to detections of a KeyGen for Angry Birds Space and Battlefield: Bad Company," Microsoft Trustworthy Computing director Tim Rains told Dark Reading. "Cybercriminals see this growth as another opportunity to use social engineering as a method to swindle money from their victims."
KeyGen downloads are not the only way that online bargain hunters can find themselves in the crosshairs, however. Blackbird noted that hackers have been tainting search results for free software and media with links to malicious webpages designed to take advantage of known vulnerabilities on the user's machine.
This threat vector has become particularly popular following the rise of the Blacole exploit kit, which began in late 2011. According to the report, this malicious and widely available cybercriminal resource essentially streamlines the process of scanning for unpatched vulnerabilities across dozens of software programs a user may be running.
Mitigating the damage
Some experts have little pity for victims of these attacks, suggesting that it serves users right for engaging in acts of digital piracy. However, sometimes these actions are more misguided than malevolent. And regardless, the sheer popularity of KeyGen downloads and deal-seeking searches makes it an issue that merits the attention of the IT community.
"The [rogue] software installation problem can be addressed by tightly managing the process and taking administrator privileges away, which is an uphill battle," Qualys CTO Wolfgang Kandek told Dark Reading. "Browser vulnerabilities, on the other hand, are entirely avoidable by IT taking over responsibility for the entire browser stack – browser, Java, Flash, PDF – and applying patches consistently."
At the same time, end-user awareness will be an invaluable asset. As Rains explained in an interview with Network World, it's all about developing the sense of judgment that can separate websites worthy of one's trust from those that could pose significant dangers. Managing passwords intelligently, enabling firewalls and consistently updating software are also practices that will never go out of style.
Security News from SimplySecurity.com by Trend Micro