The Internet is a dangerous place, in general. And, depending on what you’re looking for online, it might be very dangerous, indeed, according to Microsoft.
Writing in the company’s latest Security Intelligence Report, Microsoft said that its Malware Protection Center (MMPC) has observed an increase in malicious code infections that emanate from what it calls the “unsecure supply chain” – the informal network of legitimate and underground web sites that distribute freeware and pirated software.
Freeware that promises to generate registration keys for popular products like Adobe’s Photoshop, Microsoft Windows and games such as Call of Duty were among the most commonly associated with malicious programs, Microsoft said. Internet users hoping to unlock pirated software download the key generators believing that they will produce a valid registration key, but often end up infecting their system in the process.
But malware authors and cyber criminal groups will also wrap their creations in with free software such as Adobe Flash Player, or through ‘paid archives’ that fool unsophisticated users into paying to download otherwise free software. Popular music and movies were also a common bait for malware authors, who used pirated songs by Lady Gaga, Pitbull and Maroon5 and movies like The Hunger Games to push malware onto victims’ computers.
Internet users looking to circumvent Windows activation feature or bypass time limited evaluation copies of popular, premium software packages were also at increased risk of compromise by malware, Microsoft said in the report, which contained data collected by the MMPC from computers running Microsoft’s in the first six months of 2012.
The company advised organizations to implement policies that block peer to peer applications within their environment and make it clear that employees should refrain from downloading free applications, movies and music. They should also use Web site filtering and Web proxy tools to limit access to known malicious sites.
Microsoft also advised companies to adopt policies for vetting new hardware – making sure that new hardware is purchased through a procurement process that includes reformatting factory-shipped hard drives, and installing anti malware and intrusion detection software, firewalls and other security and reporting tools as part of standard desktop images.
Despite high profile attention to the threat posed by malicious software and targeted attacks, organizations still struggle with non-compliant users, who are often willing to ignore warnings in search of online content they find titillating. In September, for example, the security firm FireEye reported that targeted attackers found greater success in the first half of 2012 with phishing campaigns designed to look like notifications from shipping companies like DHL and UPS.