The ZDNet Zero Day blog reports that Microsoft’s (MSFT) recently released Security Intelligence Report identified socially engineered malware (scareware pop ups; blackhat search engine optimization attacks) enticing users into downloading and executing a malicious file as the most used malware propagation tactic.
Based on a sample of 600 million systems worldwide, MSFT research ranks AutoRun USB infection as the second most used malware propagation tactic, according to Zero Day. Microsoft disabled AutoRun by default on Windows XP and Vista in February to prevent malware infections. The results, at least according to Microsoft, have indicated a significant decline in malware using AutoRun as a spreading mechanism.
T
he report also points out that zero day flaws do not necessarily represent a driving force in the growth of malicious attacks or cybercrime in general according to the ZDNet blog.
More propagation tactics:
User Interaction required – 44.8%
AutoRun USB – 26%
AutoRun: Network – 17.2%
File Infector – 4.4%
Exploit: Update Long Available – 3.2%
Exploit: Update Available – 2.4%
Password Brute Force – 1.4%
Office Macros – 0.3%
Exploit: Zero Day – 0%
Zero Day points out that Microsoft is missing malware that spreads without user interaction, namely through the exploitation of client-side vulnerabilities in third-party software and browser plugins. The MSFT report says attackers regulrlly exploit client-side Java. Java exploits were responsible for between one-third and one-half of all exploits observed in the four most recent quarters including:
Oracle (ORCL) (formerly Sun) Java Runtime Environment (JRE),- Java Virtual Machine (JVM)
- Java SE in the Java Development Kit (JDK)
rb-
I wrote about the problems with old versions of Java and JavaRa which can delete all the old unnecessary files java leaves on your hard drive everything Sun Oracle plugs some more holes in their app.
Related articles
- In minimizing zero-day, Microsoft misses the point (infoworld.com)
- PC viruses are mostly your fault, Microsoft says (money.cnn.com)
hi, fantastic page, and a great understand! one for my book marks.
Great article. Thank you to tell us more useful information. I am looking forward to reading more of your articles in the future.