Microsoft Security Report: Trojan Horses Increase 300 Percent
Consistent with malware trends, the biggest security threats are moving to the Web and consequently experts say that they expect to see the number of Trojans rise exponentially. The reason? Trojans are by far the most "financially interesting" malware, experts say.
"It's the path of least resistance," said Doug Camplejohn, CEO and cofounder of security company Mi5. "For most enterprises, it's where they're least protected."
These Trojans allow attackers to install a small downloader onto unsuspecting users machines, usually without their consent, in order to record passwords, credit card, bank account numbers and other personal identifying information.
The significant increase in Trojans far outweighed the upswing in previous years, becoming increasingly evident that Trojan downloaders are replacing other types of malware, such as infected e-mail files and attachments, security experts said.
"Executables used to be delivered by other mechanisms," said Jimmy Kuo, principal architect for the Microsoft Malware Protection Center. "Now almost all other methods have gone by the wayside to those that simply lure people to [infected] Web sites."
Camplejohn said that the shift to Web-related threats was tied largely to the prolific, and rapidly self-replicating nature of botnets.
"If you think about it, Trojans kind of provide the best bang for the buck for a malware writer," said Camplejohn. "A smart hacker is going to spend their time and efforts to create a Trojan, in the long run, they're going to be rewarded better for that effort.
"Botnets bring money. Therefore Internet criminals write Trojans," he added. "Why do you write Trojan? Because that's where the money is today."
Microsoft's fourth Security Intelligence Report, which examined the security landscape between July and December 2007, provided analysis and perspective on software vulnerabilities, exploits, malicious software and potentially unwanted software -- software that occupies a gray area, such as adware -- observed by Microsoft security professionals over the last several years.
Meanwhile, the report found that the prevalence of rogue security software also continues to increase, which can be delivered via Trojans as well as by other social engineering methods, such as phishing.
Not surprisingly, the report found that newer versions of Microsoft applications were more resistant to vulnerabilities -- a fact which security experts said was due to increased awareness of security threats rather than failing to incorporate security into its products.
"We all make mistakes, and we learn from those mistakes," said Kuo. "Basically it's not that we didn't think of security, we just know more about it now."
Unlike previous versions, numerous current versions of Microsoft products now incorporate automated software updates, and are less prone to infection in general, Kuo said.
Surprisingly, not everything was on the rise. Bucking recent trends, exploits, malware and hacking accounted for only 13 percent of security breach notifications during the second half of 2007 and only 23 percent of all security breach notifications between 2000 and 2007.
Also countering previous security trends was a decline in the disclosure of vulnerabilities rated as high severity -- altogether, only 32.2 percent of known security vulnerabilities in the analyzed products had publicly available exploit code in 2007. In addition, vulnerabilities requiring a low level of complexity to exploit also continued to decrease.
"Vulnerability trends go up and to the right," said Camplejohn. "To have something reverse that trend, we look at with cautious optimism. That was really the surprise there."
Experts attribute this to a variety of factors. For one, companies might not have completely finished assessing all of their known security flaws.
Another explanation for the downward turn could be attributed to the underground market, in which hackers and cyber criminals purchase vulnerabilities in order to hold onto them for future use.
"We don't want to jump to conclusions that the number went down because we make the product safer," said Kuo. "If the numbers continue to go down, that will be proof."