Threats from the web becoming more prevalent than network worms

Share this article:

For the first time, enterprise networks face a greater threat from malware served from websites than worms spreading across their network, according to Microsoft's bi-annual "Security Intelligence Report," released this week.

For 3 1/2 years, Conficker, a worm first discovered in November 2008 and primarily found on corporate PCs, reigned as the top threat facing enterprises.

But Conficker, along with a generic family of worms called "AutoRun," have been replaced by web-based threats, including IFRAMEs, which seed trusted websites with JavaScript code to redirect victims to a malware-serving site. Microsoft also found a rise in reports of the BlackHole exploit kit, which is comprised of a cocktail of exploits that take advantage of various vulnerabilities, or the Zbot trojan (also known as Zeus), most commonly known for stealing banking information.

In fact, seven of the top 10 enterprise threats are associated with hacker-owned websites or legitimate sites that have been compromised by saboteurs.

Conficker still remains second on the list, however. But according to the report, which culled data from the Microsoft Software Removal Tool's scan of 600 million customers each month, the share of threats from Conficker and AutoRun fell 37 percent between 2011 and the second half of 2012.

Even though Conficker and related families have proven difficult to squash, a new variant hadn't been produced in several years. The malware was initially spread by exploiting a vulnerability in Windows Server service, but that defect was patched nearly four years ago. Lately, the malware most commonly has been propagating through the brute-forcing of weak passwords.

But fear not, enterprises. Holly Stewart, senior program manager at Microsoft's Malware Protection Center, said keeping software patched is a major step toward limiting all of these web-based threats.

"Just having your software up to date is a pretty good mitigation against the vast majority of attacks that were out there," she told SCMagazine.com this week.

[An earlier version of this story incorrectly called the MSRT, the Microsoft Security Response Tool.]

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

CryptoWall surpasses CryptoLocker in infection rates

CryptoWall surpasses CryptoLocker in infection rates

A threat analysis from Dell SecureWorks CTU says that CryptoWall has picked up where its famous sibling left off.

Professor says Google search, not hacking, yielded medical info

Professor says Google search, not hacking, yielded medical ...

A professor of ethical hacking at City College San Francisco came forward to clarify that he did not demonstrate hacking a medical center's server in a class.

Syrian Malware Team makes use of enhanced BlackWorm RAT

Syrian Malware Team makes use of enhanced BlackWorm ...

FireEye analyzed the hacking group's use of the malware, dubbed the "Dark Edition" of BlackWorm.