What's in the Microsoft Security Intelligence Report?

Category: Security

Twice a year, Microsoft releases an updated Security Intelligence Report detailing the latest threats, countermeasures, and trends in computer and Internet security. The SIR for the second half of 2013 is out, and it highlights trends that are important to consumers as well as business users. Here are the highlights, and what you should know...

Microsoft Sheds Light on Security Threat Trends

The “Exploitation Trends” section of the latest Microsoft Security Intelligence Report explores the tricks and tactics that are increasingly popular among bad actors. (And I don't mean Lindsay Lohan or Charlie Sheen.) Knowing these trends can help you evaluate security software and avoid behavior that can put you at greater risk of infection or invasion.

Here is a summary of the latest exploitation trends:

The SIR report says that “In the modern era, the profit motive underlies most malicious exploitation activity.” The days of hacking for laughs or street cred are pretty much gone because as security has tightened up it takes a lot more money and effort to hack. The good news is that you are less likely to fall victim to a random, senseless act of online vandalism. The bad news is that you may be targeted by professional cybercrooks with formidable, sophisticated burglary tools.

The profit motive means that not every vulnerability gets exploited. In fact, the percentage of newly discovered vulnerabilities in Microsoft software that actually are exploited by malware authors has been plummeting since its peak of about 42% in 2010; it’s down to 10% now. So when you read a breathless alarm about a new zero-day threat, there is only a 10% chance that it will actually materialize.

The odds that it will strike you personally are, of course, even smaller. That does not mean you can afford to be careless about security, but you don’t have to panic at every overblown news report. Just make sure your operating system, application software and security tools are up to date. (See my related articles Free Anti-Virus Programs and Computer Security: The Missing Link)

The report says, “the number of zero-day exploits detected each year has decreased since 2011 in absolute terms; subsequently, zero-day exploits have accounted for a larger share of the total in each of the last three years.” A “zero-day” exploit is one that exploits a vulnerability that security pros don’t know about until it’s exploited; they have “zero days” to prepare a defense. (See Avoiding Zero-Day Exploits)

The implication of this twofold factoid is that the total number of exploits detected has decreased even faster than the number of zero-day exploits. In other words, good guys are getting better at closing newly discovered security holes before they are exploited. That’s good news.

You Too Can Be an Evil Hacker!

Often, a vulnerability discovered by a “black hat” researcher is sold one time to another bad guy who develops software to exploit the vulnerability. Usually, the exploit is launched against a single, high-value target such as… well, Target Stores, for instance. But Microsoft’s report notes a rise in a form of mass distribution of vulnerabilities: the so-called “exploit kit.” These kits can be used by less technical "script kiddies" who lack the skills to develop their own exploits. Consumers are the target of these proliferating dangers.

Exploit kits are suites of malicious apps, each of which targets a specific vulnerability on a specific computing platform. The malware can be extremely specialized, e.g., one version for Web browsers that have Flash enabled and another for identical browsers that do not. The exploit kit, along with software that manages it, is hosted on a central server that is usually not the one victims visit.

Instead, the owner of the exploit kit seeds many Web sites with small bits of code that do a simple task. Using data that your browser sends to every site it visits, the code determines what browser you’re using, your operating system, what browser plug-ins you have installed, and other data that has perfectly legitimate uses to perfectly legitimate sites. But unlike legit sites, this code also probes for unpatched vulnerabilities that can be exploited.

The code sends this information to the exploit kit, which selects malware payloads tailored to the victim at hand and delivers them to the victim’s browser. To minimize the possibility of detection, it doesn’t send every exploit possible; just the few that are most likely to succeed based on past results.

Exploit kits are intended for marketing to wannabe cybercriminals, so their price must be kept relatively low. Highly valuable zero-day vulnerabilities won’t be targeted by cheap exploit kits. Instead, the kits contain exploits that attack vulnerabilities that were patched more than 30 days ago; these are cheap because they seldom work.

But if you’re the kind of person who doesn’t keep software up to date with security patches, these obsolete exploits WILL work on you! Pay attention here, if you're still running XP. (See Windows XP: Game Over.)
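The practical consequence of the "patched more than 30 days ago" point is that the exposure you can actually measure is the age of the fixes you have not yet installed. The check below is an added example (not code from the article or from Microsoft's report): it takes a constructed software inventory, compares installed versions against the first fixed version, and flags anything whose fix is older than the 30-day window cheap exploit kits tend to work in. All component names, versions and dates are made up for illustration.

```python
import re
from dataclasses import dataclass
from datetime import date

# Per the SIR, cheap exploit kits mostly bundle exploits for holes patched
# more than ~30 days earlier; that is the exposure window this check flags.
KIT_WINDOW_DAYS = 30

@dataclass
class Component:
    name: str
    installed: str    # version currently on the machine
    fixed_in: str     # first version that closes the known vulnerability
    patched_on: date  # date the vendor shipped that fix

def parse_version(v: str) -> tuple:
    """'2.1.0-beta' -> (2, 1, 0); non-numeric parts are ignored."""
    return tuple(int(p) for p in re.findall(r"\d+", v))

def version_lt(a: str, b: str) -> bool:
    """Pad to equal length so '3.0.2' < '3.0.2.1' but '1.2' == '1.2.0'."""
    pa, pb = parse_version(a), parse_version(b)
    n = max(len(pa), len(pb))
    return pa + (0,) * (n - len(pa)) < pb + (0,) * (n - len(pb))

def classify(inventory, today: date, window: int = KIT_WINDOW_DAYS) -> dict:
    """Map each component name to (status, days_since_fix): 'patched',
    'recently_patched' (vulnerable, fix <= window days old, too fresh for
    cheap kits) or 'kit_window' (vulnerable and old enough for cheap kits)."""
    report = {}
    for c in inventory:
        age = (today - c.patched_on).days
        if not version_lt(c.installed, c.fixed_in):
            report[c.name] = ("patched", age)
        elif age <= window:
            report[c.name] = ("recently_patched", age)
        else:
            report[c.name] = ("kit_window", age)
    return report

# Constructed sample inventory: names, versions and dates are made up for
# illustration, not taken from the SIR or any vendor advisory.
AS_OF = date(2014, 5, 13)
SAMPLE = [
    Component("codec-pack", "1.4", "1.5", date(2014, 1, 10)),
    Component("browser", "29.0", "29.0", date(2014, 4, 29)),
    Component("pdf-reader", "2.1.0", "2.1.1", date(2014, 5, 1)),
    Component("office-suite", "3.0.2", "3.0.2.1", date(2013, 11, 20)),
]
```

Calling `classify(SAMPLE, AS_OF)` reports the codec pack and office suite as sitting in the kit window, the PDF reader as vulnerable but too recently patched for a cheap kit to have caught up, and the browser as patched.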

Freeware and Foistware

Malware buried in long-established legitimate free software is now one of the top 10 threats, according to the Microsoft report. Such “deceptive downloads” include “Rotbrow” and “Brantall,” which have been found in browser toolbars, security software, and codec packages. The report lists supposedly legitimate programs that are sometimes infected with these nasty bits, including 77Zip, Best Codecs Pack, PC Doer, Video Doer, Speed Analysis, eType and RocketPDF.

Not every copy of these programs is infected with malware; if you obtain a well-known free download from its developer’s site, you’ll be safe. But honestly, I'd advise staying away from ALL of those titles. eType seems marginally useful, and RocketPDF is a ripoff of SumatraPDF. All the others are either sketchy or so obscure I couldn't even find them with a Google search.

In my opinion, Microsoft would do better to shed light on the foistware problem, and specifically, the shameful tactics being employed by CNET's Download.com and Tucows. (See Downloading? Watch Out For These Danger Signs.)

The most important takeaway from this “threat trends” report is that the vulnerability you really need to fear is not just the one that’s making headlines right now. It’s also the one you’ve never heard of or thought had been eradicated long ago. And the only way to guard against those is to keep your guard up routinely, not just when the mass media alarms sound.

Your thoughts on this topic are welcome. Post your comment or question below...

This article was posted by on 13 May 2014



Most recent comments on "What's in the Microsoft Security Intelligence Report?"

Posted by:

Don Shenton
13 May 2014

Keep up the good work, Bob.

Just one comment: Microsoft can't say too much about foistware when Google Chrome settings get changed "automatically" to Bing!


Posted by:

Brian S.
13 May 2014

I definitely agree with the foistware problem. My old lady has that impatient click, click, click mentality and whenever she updates Java, she inadvertently allows Chrome to be installed on her laptop. It doesn't matter how many times I tell her that she needs to read the fine print and untick the box, it happens every update. A few weeks ago, she had the Ask toolbar somehow installed in IE and it changed her homepage. Unfortunately, I think some people just don't care.

EDITOR'S NOTE: Chrome is an excellent, secure browser. Did you mean something else?

Posted by:

Frank Klett
13 May 2014

I have to agree with you on CNET and Tucows adding foistware on their downloads...I have not used them in months for that exact reason. There are too many "good" sites out there.
Thanks for your thoughts on the industry...your efforts are certainly appreciated.

Posted by:

Brian S.
13 May 2014

No Bob, I meant Google Chrome. Remember, Google's main purpose is to collect as much data as possible. I have the Chromium based Comodo Dragon that I use instead of Chrome when I'm not using Opera. It's designed to be even more secure and Comodo is not out to track you like Google does. Google also has targeted ads when you use their search engine and I'd rather not have that. I use DuckDuckGo and Ixquick exclusively.

Posted by:

13 May 2014

I am not certain how long the 'unchecky' (*http://unchecky.com/) utility will remain a FREEware or due to its FREEware nature; it will be forced to include FOISTware when downloaded/installed. I just noticed that C|Net now includes it as a download.
Even certain "OpenSource" downloads from the way respected http://sourceforge.net/ are including unwanted payloads. The term FREEware has morphed but as pappy used to say 'there ain't no such thing as FREE lunch'! A user almost needs to trial out (verify) any 'FREEware' in a sandbox environment prior to really installing it as a single stand-alone package.

Posted by:

13 May 2014

Not much can be added by myself. As I am a senior new born to this war on electronic troubles, having been attacked numerous times in the past week. Mothers day was recovery for this machine. Even now I'm not sure which recovery software unscrambled the mess. Till the next time, Al

Posted by:

13 May 2014

Hi Bob,

In regards to your editor's note on Don's post: there are quite a few software updates that preselect a checkbox to install the Chrome browser and make it your default browser. I've almost had it happen a few times myself as it seems to be attached to quite a few programs that I use. I've heard Chrome is a great browser but I prefer Firefox myself so when software that I want tries to sneak it by me via a conveniently preselected checkbox, I, too, feel that it's being foisted on me!

Excellent & informative post again as usual!

Posted by:

13 May 2014

Yes, Chrome is an excellent browser. That is why it is sourced from so many locations and is loaded with foist ware by the ton according to the source chosen. When getting it for my wife's new desktop, I had to refuse installation 3 times to get to a place I could just get the browser with nothing hanging off of it. Vigilance, vigilance, vigilance..... and you'll still get bit.

EDITOR'S NOTE: Huh, I never would have considered downloading Chrome from any site other than Google's: https://www.google.com/intl/en/chrome/browser

Posted by:

14 May 2014

Thanks Bob, yet another outstanding and informative article - is there no end to your diligence? As an aside I usually use Chrome as my main browser with a number of popular extensions - particularly ad block and never, download any program from any site except the actual publisher.

Copyright © 2005 - Bob Rankin - All Rights Reserved

Article information: AskBobRankin -- What's in the Microsoft Security Intelligence Report? (Posted: 13 May 2014)
Source: https://askbobrankin.com/whats_in_the_microsoft_security_intelligence_report.html