It was not the first time I had the same argue: some of my peers and even colleagues still think that the major infection method for client computers is through some kind of vulnerabilities which don’t involve stupidity. I believe (and I have some brothers in arm in my belief) that abovementioned “stupidity”, or let’s say lack of education and carelessness is the major threat. What am I talking about? Well… Some of the sources tells us that most of successful malware installs itself using USB sticks, shared drives or some kind of other user-involving technologies.
For example, in MS Security Intelligence report #9 (1H2010) we see the following table:
| 1 |
Win32/Taterf |
| 2 |
Win32/Frethog |
| 3 |
Win32/Renos |
| 4 |
Win32/Rimecud |
| 5 |
Win32/Conficker |
| 6 |
Win32/Autorun |
| 7 |
Win32/Hotbar |
| 8 |
Win32/FakeSpypro |
| 9 |
Win32/Alureon |
| 10 |
Win32/Zwangi |
These are the top 10 malware families detected on client computers. The 1st is the most often detected. The 10th, correspondingly, the least (of these 10, of course). Now I will just repeat the table with addition of infection mechanisms:
| 1 |
Win32/Taterf |
Win32/Taterf is a family of worms that spread via mapped drives in order to steal login and account details for popular online games. |
| 2 |
Win32/Frethog |
Spreads Via…Mapped Drives |
| 3 |
Win32/Renos |
Downloads of “video codecs” and other “goodies” from malicious sites. |
| 4 |
Win32/Rimecud |
Win32/Rimecud is a family of worms with multiple components that spreads via removable drives, and instant messaging. |
| 5 |
Win32/Conficker |
No argues here: it is spreading through the vulnerability. And still: “it may also spread via removable drives and by exploiting weak passwords.” |
| 6 |
Win32/Autorun |
No arguing here, too: “spreads through fixed and removable drives by dropping copies of itself.” |
| 7 |
Win32/Hotbar |
Install it yourself kit. Seriously. |
| 8 |
Win32/FakeSpypro |
Rogue:Win32/FakeSpypro may be installed from the program’s web site or by social engineering from third party web sites. |
| 9 |
Win32/Alureon |
Manual download (keygens, drive-by downloads, etc…) |
| 10 |
Win32/Zwangi |
Manual download. |
You know what? I even don’t want to discuss it. Read one more report. And that’s all: no need to “hack” into your computer if a criminal can hack into your head.
Be careful at least this year and the following ones =)
Pingback: Blog wrap-up for January 2011 » IT, IS, etc…