Malware Infection Percentages?

Discussion in 'malware problems & news' started by Brandonn2010, Oct 4, 2012.

Thread Status:
Not open for further replies.
  1. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,849
    I was wondering what percent of infections are caused by drive-by-downloads/exploits, and what percent are people unintentionally installing malware?
     
  2. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    There's no realistic way to determine the actual percentages. Unless the malware is discovered almost immediately, there's usually no way to know where it came from. The figures are also going to be quite variable. Are you including adware under the heading of malware? Lately, java exploits are contributing a large share. Go back a ways and it was flash. Go back farther and exploiting IE6 was the method of preference. For the most part, exploiting the user infects more systems than anything else, be it social engineering, bundled adware, etc.
     
  3. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    561
    Location:
    Cummington MA USA
    THIS is likely the most common current exploit kit file drop name.

    THIS is likely #2.

    As these drop from exploit kits it really does not matter how up to date you are unless you are completely up to date. Even then if a 0day hole has not been patched yet then you might get infected anyway.
     
  4. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,849
    If there is no way to determine it, make an estimate, from personal experience?
     
  5. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    561
    Location:
    Cummington MA USA
    It really depends on the user. Some users would only get infected through an exploit.

    Users that visit a small range of ad supported legit sites for example will only be infected through exploits in the ads. This is especially true if they use an older OS and do not understand anything about updating web facing software and/or limited accounts.

    I have seen exploits in ads on okcupid, ebaumsword, failblog and even the netzero webmail page this year so safe surfing is not going to be much help if all of your web facing software and/or OS and/or browser are out of date. Even then an unpatched 0day exploit may get you anyway.
     
  6. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    A few years ago when I used to follow these things closely, I would ask those who posted for help in other help forums, where they thought they got infected. Some didn't know, but many would admit that they installed some freebee or cheap software, or were tricked into "updating" their software (Flash or a codec).

    This was noted back then by Marco of Prevx:

    The goal of anti-malware products
    http://www.prevx.com/blog/109/The-goal-of-antimalware-products.html
    December 16th, 2008
    Posted by: Marco Giuliani
    However, it's hard sometimes to categorize. For example, if a user is tricked into opening a booby trapped attachment, say, a Word or Excel document when then triggers a remote code execution exploit..

    Or, a user who is tricked into connecting an infected USB device which contains a remote code execution exploit...

    In these cases, it takes a social engineering trick to start the process, which ends up being auto-executed. In past discussions, I've noticed that not all agree which of the two categories they fit into. That is, you can make a case for inclusion in either of your two categories.

    Since there is some controversy in categorizing exploits, I'm not sure that everyone would accept any statistics (if there could be a way of compiling them) as valid!


    ----
    rich
     
  7. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    There is a lot of conflicting research about delivery mechanisms for malware and which are most popular. A lot of this has to do with unclear definitions of what an exploit is ie: if I trick you into downloading a file and the file then uses an exploit to run is it social engineering or an exploit? The reality is it's both.

    Two major papers were by Google and Microsoft and they had completely different conclusions and statistics. Google and Microsoft are very capable of performing research, both would have tons of information due to their positions on the web - Google's got Gmail, Chrome, and Search and MS has Bing, Windows, and IE. But they're completely different.

    Personally most of the computers I've fixed up were infected through exploits (or primarily ie: a user ran a .pdf file and that exploited the reader).

    But I've maybe fixed 1 or 2 hundred computers, a tiny sample size.
     
  8. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,414
    JAVA drive by's would be #1 at the moment. Exploit kit's are all over it. Then would be old FLASH/ADOBE READER PDF style exploits & 3RD probably phising url's.

    That's just guessing really.
     
  9. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Code:
    "wgsdgsdgdsgsd.exe"
    Yes, I found one yesterday:

    java_wgsdgsd.jpg

    While it's true, as has been noted already, that unpatched 0-day vulnerabilites are the most dangerous, I noticed this easy mitigation step in an Opera security blog:

    http://my.opera.com/securitygroup/b...an-in-the-middle-attack-on-secure-connections
    In which case, the page loads and does nothing:

    java_ff-2.jpg

    The percentage of drive-by download infections would drop dramatically if more users were educated in a few basic preventative measures!


    ----
    rich
     
    Last edited: Oct 8, 2012
Loading...
Thread Status:
Not open for further replies.