{"id":10835,"date":"2011-11-03T19:15:49","date_gmt":"2011-11-03T23:15:49","guid":{"rendered":"http:\/\/rbachnet.wwwmi3-ss40.a2hosted.com\/?p=10835"},"modified":"2021-08-10T17:25:00","modified_gmt":"2021-08-10T21:25:00","slug":"how-does-malware-spread","status":"publish","type":"post","link":"https:\/\/rbach.net\/index.php\/how-does-malware-spread\/","title":{"rendered":"How Does Malware Spread?"},"content":{"rendered":"<p><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"wp-image-10842 alignleft\" style=\"border: 0pt none; margin-left: 3px; margin-right: 3px;\" title=\"malware\" src=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/2011\/10\/malware1.jpg?resize=90%2C90&#038;ssl=1\" alt=\"\" width=\"90\" height=\"90\" \/>The <em><a title=\"www.zdnet.com\" href=\"http:\/\/www.zdnet.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">ZDNet<\/a> <a title=\"www.zdnet.com\/\" href=\"http:\/\/www.zdnet.com\/blog\/security\/\" target=\"_blank\" rel=\"noopener noreferrer\">Zero Day<\/a><\/em> blog <a title=\"www.zdnet.com\/\" href=\"https:\/\/web.archive.org\/web\/20141024050142\/http:\/\/www.zdnet.com:80\/blog\/security\/which-is-the-most-popular-malware-propagation-tactic\/9638\" target=\"_blank\" rel=\"noopener noreferrer\">reports<\/a> that <a href=\"http:\/\/www.microsoft.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">Microsoft&#8217;s<\/a> (<a href=\"https:\/\/www.tradingview.com\/symbols\/NASDAQ-MSFT\/\" target=\"_blank\" rel=\"noopener noreferrer\">MSFT<\/a>) recently released <a title=\"www.microsoft.com\" href=\"https:\/\/web.archive.org\/web\/20170508143511\/https:\/\/www.microsoft.com\/security\/sir\/default.aspx\" target=\"_blank\" rel=\"noopener noreferrer\">Security Intelligence Report<\/a> identified <a title=\"socially engineered malware\" href=\"https:\/\/web.archive.org\/web\/20160409060928\/http:\/\/operationstech.about.com\/od\/glossary\/g\/Socially-Engineered-Malware.htm\" target=\"_blank\" rel=\"noopener 
noreferrer\">socially engineered malware<\/a> (<a title=\"scareware pop ups\" href=\"https:\/\/web.archive.org\/web\/20221130174119\/https:\/\/spamlaws.com\/how-scareware-works.html\" target=\"_blank\" rel=\"noopener noreferrer\">scareware pop-ups<\/a>; <a title=\"blackhat search engine optimization attacks\" href=\"http:\/\/nakedsecurity.sophos.com\/2010\/03\/31\/automated-seo-poisoning-attacks-explained\/\" target=\"_blank\" rel=\"noopener noreferrer\">blackhat search engine optimization attacks<\/a>) enticing users into downloading and executing a malicious file as the most used malware propagation tactic.<\/p>\n<p><a title=\"Scareware\" href=\"https:\/\/billmullins.wordpress.com\/2009\/04\/06\/how-to-remove-scareware-common-issues\/\" target=\"_blank\" rel=\"noopener noreferrer\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"alignright wp-image-10843 \" style=\"border: 0pt none; margin-left: 3px; margin-right: 3px;\" title=\"scareware\" src=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/2011\/10\/scareware.jpg?resize=98%2C78&#038;ssl=1\" alt=\"Scareware\" width=\"98\" height=\"78\" srcset=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/2011\/10\/scareware.jpg?resize=300%2C237&amp;ssl=1 300w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/2011\/10\/scareware.jpg?resize=150%2C118&amp;ssl=1 150w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/2011\/10\/scareware.jpg?w=473&amp;ssl=1 473w\" sizes=\"auto, (max-width: 98px) 100vw, 98px\" \/><\/a>Based on a sample of 600 million systems worldwide, MSFT research ranks <a title=\"USB\" href=\"https:\/\/web.archive.org\/web\/20130515091942\/http:\/\/searchwinit.techtarget.com\/definition\/AutoRun\" target=\"_blank\" rel=\"noopener noreferrer\">AutoRun<\/a> <a title=\"Universal Serial Bus\" href=\"http:\/\/en.wikipedia.org\/wiki\/Universal_Serial_Bus\" target=\"_blank\" rel=\"wikipedia noopener noreferrer\">USB<\/a> infection as the second most used malware propagation 
tactic, according to <em>Zero Day<\/em>. Microsoft <a title=\"Microsoft disabled AutoRun\" href=\"https:\/\/web.archive.org\/web\/20140331064240\/http:\/\/technet.microsoft.com:80\/en-us\/security\/advisory\/967940\" target=\"_blank\" rel=\"noopener noreferrer\">disabled AutoRun<\/a> by default on <a title=\"Windows XP\" href=\"http:\/\/www.microsoft.com\/windows\/windows-xp\/default.aspx\" target=\"_blank\" rel=\"homepage noopener noreferrer\">Windows XP<\/a> and <a title=\"Windows Vista\" href=\"http:\/\/windows.microsoft.com\/en-US\/windows-vista\/products\/home\" target=\"_blank\" rel=\"noopener noreferrer\">Vista<\/a> in February to prevent malware infections. The results, at least according to Microsoft, have indicated a significant decline in malware using AutoRun as a spreading mechanism.<\/p>\n<p>The report also points out that <a title=\"Zero day flaw\" href=\"http:\/\/searchsecurity.techtarget.com\/definition\/zero-day-exploit\" target=\"_blank\" rel=\"noopener noreferrer\">zero-day flaws<\/a> do not necessarily represent a driving force in the growth of malicious attacks or cybercrime in general, according to the <em>ZDNet<\/em> blog. 
More propagation tactics:<\/p>\n<ul>\n<li>User Interaction required &#8211; 44.8%<\/li>\n<li><a href=\"https:\/\/www.techgainer.com\/how-disable-autoron-usb-cd-dvd-windows\/\" target=\"_blank\" rel=\"noopener noreferrer\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"alignright wp-image-97270\" title=\"Auto-run malware\" src=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/autorun-virus.jpg?resize=120%2C120&#038;ssl=1\" alt=\"Auto-run malware\" width=\"120\" height=\"120\" srcset=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/autorun-virus.jpg?w=150&amp;ssl=1 150w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/autorun-virus.jpg?resize=75%2C75&amp;ssl=1 75w\" sizes=\"auto, (max-width: 120px) 100vw, 120px\" \/><\/a>AutoRun USB &#8211; 26%<\/li>\n<li>AutoRun: Network &#8211; 17.2%<\/li>\n<li><a title=\"Computer virus\" href=\"http:\/\/en.wikipedia.org\/wiki\/Computer_virus\" target=\"_blank\" rel=\"wikipedia noopener noreferrer\">File Infector<\/a> &#8211; 4.4%<\/li>\n<li><a title=\"Exploit (computer security)\" href=\"http:\/\/en.wikipedia.org\/wiki\/Exploit_%28computer_security%29\" target=\"_blank\" rel=\"wikipedia noopener noreferrer\">Exploit<\/a>: Update Long Available &#8211; 3.2%<\/li>\n<li>Exploit: Update Available &#8211; 2.4%<\/li>\n<li>Password Brute Force &#8211; 1.4%<\/li>\n<li>Office Macros &#8211; 0.3%<\/li>\n<li>Exploit: Zero Day &#8211; 0%<\/li>\n<\/ul>\n<p><em>Zero Day<\/em> points out that Microsoft is missing malware that spreads without user interaction, namely through the exploitation of client-side vulnerabilities in third-party software and browser plugins.\u00a0 The MSFT report says attackers regularly exploit client-side Java. 
Java exploits were responsible for between one-third and one-half of all exploits observed in the four most recent quarters including:<\/p>\n<ul>\n<li><a title=\"Java\" href=\"https:\/\/www.java.com\/\" target=\"_blank\" rel=\"noopener noreferrer\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"alignright wp-image-10839\" style=\"border: 0pt none; margin-left: 3px; margin-right: 3px;\" title=\"java_logo\" src=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/2011\/10\/java_logo.jpg?resize=89%2C89&#038;ssl=1\" alt=\"\" width=\"89\" height=\"89\" srcset=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/2011\/10\/java_logo.jpg?w=298&amp;ssl=1 298w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/2011\/10\/java_logo.jpg?resize=150%2C150&amp;ssl=1 150w\" sizes=\"auto, (max-width: 89px) 100vw, 89px\" \/><\/a><a title=\"Oracle\" href=\"https:\/\/www.oracle.com\/index.html\" target=\"_blank\" rel=\"noopener noreferrer\">Oracle<\/a> (<a title=\"NASDAQ : ORCL\" href=\"https:\/\/www.tradingview.com\/symbols\/NYSE-ORCL\/\" target=\"_blank\" rel=\"noopener noreferrer\">ORCL<\/a>) (formerly Sun) <a title=\"Java Virtual Machine\" href=\"http:\/\/en.wikipedia.org\/wiki\/Java_Virtual_Machine\" target=\"_blank\" rel=\"wikipedia noopener noreferrer\">Java Runtime Environment<\/a> (JRE),<\/li>\n<li><a title=\"Java Virtual Machine\" href=\"https:\/\/web.archive.org\/web\/20160722130546\/http:\/\/searchsoa.techtarget.com:80\/definition\/Java-virtual-machine\" target=\"_blank\" rel=\"noopener noreferrer\">Java Virtual Machine<\/a> (JVM)<\/li>\n<li><a title=\"Java Platform, Standard Edition\" href=\"http:\/\/en.wikipedia.org\/wiki\/Java_Platform%2C_Standard_Edition\" target=\"_blank\" rel=\"wikipedia noopener noreferrer\">Java SE<\/a> in the <a title=\"Java Development Kit\" href=\"http:\/\/en.wikipedia.org\/wiki\/Java_Development_Kit\" target=\"_blank\" rel=\"wikipedia noopener noreferrer\">Java Development Kit<\/a> 
(JDK)<\/li>\n<\/ul>\n<p><strong><em>rb-<\/em><\/strong><\/p>\n<p><em>I <a title=\"rbach.net\" href=\"https:\/\/wp.me\/p2wgaW-FW\" target=\"_blank\" rel=\"noopener\">wrote<\/a> about the problems with old versions of Java and <a title=\"JavaRa\" href=\"http:\/\/web.archive.org\/web\/20120115065719\/http:\/\/raproducts.org:80\/wordpress\/software\" target=\"_blank\" rel=\"noopener noreferrer\">JavaRa<\/a>, which can delete all the old unnecessary files Java leaves on your hard drive every time <del>Sun<\/del> Oracle plugs some more holes in their app.<\/em><\/p>\n<h6>Related articles<\/h6>\n<ul>\n<li><a href=\"https:\/\/web.archive.org\/web\/20141024050142\/http:\/\/www.zdnet.com:80\/blog\/security\/which-is-the-most-popular-malware-propagation-tactic\/9638\" target=\"_blank\" rel=\"noopener noreferrer\">Which is the most popular malware propagation tactic?<\/a> (zdnet.com)<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><em><a title=\"Ralph Bach\" href=\"https:\/\/rbach.net\/index.php\/new-resume\/\" target=\"_blank\" rel=\"noopener noreferrer\">Ralph Bach<\/a>\u00a0has been in IT long enough to know better and has blogged from his\u00a0<a title=\"Bach Seat\" href=\"https:\/\/rbach.net\/\" target=\"_blank\" rel=\"noopener noreferrer\">Bach Seat<\/a> about IT, careers, and anything else that catches his attention since 2005. You can follow him on <a class=\"broken_link\" href=\"http:\/\/www.linkedin.com\/in\/rb48334\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">LinkedIn<\/a>,\u00a0<a href=\"https:\/\/www.facebook.com\/ralph.bach.14\" target=\"_blank\" rel=\"noopener noreferrer\">Facebook<\/a>,\u00a0and\u00a0<a href=\"https:\/\/twitter.com\/rbach48334\" target=\"_blank\" rel=\"noopener noreferrer\">Twitter<\/a>. 
Email the Bach Seat\u00a0<a href=\"mailto:\/\/bach.seat@gmail.com\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a>.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>ZDNet reports that MSFT says malware spreads via User actions AutoRun USB and Network File Infector Exploits Password Brute Force Office Macros Zero-Day<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[3045,837,1865,177,82,421,836,843,1866,4,517,1580,445,1756],"class_list":["post-10835","post","type-post","status-publish","format-standard","hentry","category-security","tag-3045","tag-autorun","tag-development-kit","tag-java","tag-microsoft","tag-msft","tag-oracle","tag-orcl","tag-platform-standard-edition","tag-security","tag-universal-serial-bus","tag-virtual-machine","tag-windows","tag-xp"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts\/10835","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/comments?post=10835"}],"version-history":[{"count":12,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts\/10835\/revisions"}],"predecessor-version":[{"id":132930,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts\/10835\/revisions\/132930"}],"wp:attachment":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/media?parent=10835"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/categories?post=10835"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rbach.net\/index
.php\/wp-json\/wp\/v2\/tags?post=10835"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}