Microsoft: Deceptive downloads and ransomware on the rise

Microsoft's Malware Protection Center continues to monitor Internet threats from cyber criminals and the division recently announced that it will have new criteria for what it considers adware on July 1st. Today, the center has issued an update to its Security Intelligence Report and its leader, Holly Stewart, talked to Neowin by phone earlier this week about two threats that have increased under its watch in the past year.

Deceptive downloads, which try to mask malware by hiding it in software that appears to be benign, are on the rise. Stewart told Neowin that the number of PCs that had to be cleaned of malware due to deceptive downloads more than tripled in the last quarter of 2013. The Rotbrow family of malware is the one that has been used most often in this kind of delivery system.

While not as prevalent as deceptive downloads, Stewart told Neowin that ransomware is also on the rise. That's where a person surfing on the Internet might encounter a website that claims to be from a government agency and says that the user has violated the law, but can get out of it by paying a fine online. These kinds of pages are, of course, fake. Stewart told us the biggest ransomware family is Reveton, which increased by 45 percent on the Internet between the first and second half of this year.

Individuals and businesses can fight off both deceptive downloads and ransomware on their PCs by taking common sense precautions, according to Stewart. That includes keeping their software and antivirus definitions updated, using the most recent software available, downloading products only from a trusted site or vendor, backing up files regularly and, of course, "think before you click."

There was some good news to report this week. Stewart told us that between 2010 and 2013, the number of severe vulnerabilities that had been exploited in Microsoft's software products has actually decreased by 70 percent. The full report is available for download at Microsoft's website.


16 Comments


Google pioneered tricking end users into downloading Chrome by checking the box for you.

Now BOTH BING, AND Google park Malware laden downloads at the top of their paid search results. Maybe Bing would like to really differentiate itself from Google by not doing that.

And anyone who thinks it's "common sense" to not get "tricked", has no concept of what consumers need. It's RT in the Windows world.

No wonder. I have noticed that even Google has more and more scam and phishing websites in their search results. All the download sites that want you to download a download client and bull**** like that. But I guess if they are hiding their Chrome browser in every software they can, and try to sneak it by the user, I am not surprised.

A lot of high ranking websites with DOWNLOAD HERE banners all jammed around the download button. I usually know how to avoid junk but still every now and then click a banner.

But I have popups entirely disabled in IE (needs override) so it doesn't do much. But quite sure plenty of people fall for it :)

But the #1 reason for infection is porn anyways.

The "common sense" argument doesn't really help naive users who don't have any interest in why their internet works, they just want to use it. Instead of blaming Grandma for getting duped, maybe we should look at creating and implementing better tools that are easier for people like her to actually use. It shouldn't be this difficult for naive or even stupid users to be better protected should it?

I truly hate ransomware and would like to see their creators hanged, drawn and quartered. Those webpages that you can't click away and even bother you when you launch the task manager to "End Task" truly pee me off.

techbeck said,
Ransomware...biggest PITA.

Agreed. I've seen so many Windows systems infected with it, it's frightening. They're a damn pain to remove as well.

If you can remove them. When you first see it, you need to kill the power to the machine and remove the HD and then access files that way. You are only given a limited amount of time to pay the scammers to get your files. And even if you do pay, doesn't mean you will get access to your data.

"think before you click."

And that's where the perfect OS or security suite won't protect you... can't download common sense.

TPreston said,
http/https filtering will block the download and any backdoor downloads
AV will block the execution of the ransomware
AppLocker if set up can block non-whitelisted applications

No AV is 100% perfect, never mind all of that falls under common sense security precautions, which 99% of people probably don't do... if that were true then it wouldn't be such a big issue on Windows, Android, etc. Hence the first comment.

Max Norris said,

And that's where the perfect OS or security suite won't protect you... can't download common sense.

Yes, but take note of:

Cybercriminals are tricking people into downloading malware by packaging it with legitimate content downloaded online.

It all comes back to what we've discussed for a while now, and that's the question of where people get their apps / content from. If they're used to going online to find it, then the likelihood of them downloading malware disguised as legitimate content is very high. And that's the problem with Windows at the moment. The Marketplace is going in the right direction because it can curate the content, but currently it's not the main source of software and content on Windows.

GNU/Linux on the other hand has peer reviewed repositories which serve as an exclusive source of software and content for most users. This alone is a massive deterrent to the economics of malware writers, who need a large number of users to run software from ad hoc sources.

simplezz said,
It all comes back to what we've discussed for a while now, and that's the question of where people get their apps / content from.

Yes, and as we've (frequently) covered time and time again, that only works if people actually stay in those repositories... which isn't going to happen when commercial software or piracy comes into play, never mind there's a lot of legitimate third party repositories... wouldn't be terribly hard to hide something extra in there. "Peer reviewed" only works when people are actually looking at it.. which the recent news has repeatedly shown doesn't exactly happen.

And again, failing common sense, people tend to click whatever looks good.. Seems legit, click, dead. Also, when you're dealing with a ton of closed source software, it's impossible to have one "peer reviewed" repository that everyone will agree on. Open source, sure, there's no issues, copy away. Distributing somebody else's products that they tend to expect to get paid for... that's something else entirely. Start uploading commercial games to your repository of choice, see what happens. And of course, it also doesn't help when there's misbehaving software in the repository to begin with, namely looking at ChromeOS and once in a while Android at that one. Not running rampant of course, but it's happened on several occasions already.