Information Security Advisory - Deceptive Downloads Pose a Rapidly Growing Threat

03/18/15
This notice is archived content and this information may no longer be accurate.
The good news, according to a new Microsoft security report, is that software-industry practices have improved enough that hackers have a hard time creating new traditional attacks, such as Trojans and classic viruses.

The bad news is that the attackers have simply shifted tactics, relying more on malware dubbed deceptive downloads. These downloads accomplish their goals by fooling users; typically, they appear to download a helpful software plug-in or program while actually infecting the victim’s PC.

Massive growth
How troubling is the increase in deceptive downloads? Well, researchers say that when they added just two such programs to their malware list, the number of problems they detected rose an astonishing 300%. That was the largest quarterly increase ever noted by this group.

One deceptive download program singled out by experts is Rotbrow, also known as Browser Protector. It claims to protect a user's system from browser add-ons, but instead it installs unwanted software.

Another, dubbed Brantall, installs both legitimate advertising programs and other, malicious programs.

Low-profile dangers
Here’s how these sneaky programs fly under the radar: Experts say that Browser Protector first hit the scene in 2011, but initially it exhibited no malicious behavior. Because of that, many security software vendors never configured their products to block or remove it.

Browser Protector’s malicious behavior crept in later, by which time it was too late for millions of users.

The lesson for you? For starters, make sure your PC has excellent security software, and that you keep that software updated with the latest definitions. And be very skeptical of any downloads, even those that seem harmless—you never know what may be lurking.

Watercooler Stories

Data Breach Hits URL Shortener Bitly
The popular URL shortening service Bitly has disconnected customers’ Facebook and Twitter accounts and is advising users to change their passwords because their credentials have been compromised. In an announcement, the company said it has “reason to believe” user account credentials have been compromised. Bitly added that one of the measures it took in the wake of the breach was to disconnect all users’ Facebook and Twitter accounts. The company hastened to add that it has seen no evidence that accounts have actually been accessed. In addition to reconnecting their social media accounts, Bitly users were advised to change their passwords.

Doc Works on Hospital Server, Causes $4.8M Breach
An inadvertent data leak that stemmed from a physician's attempt to reconfigure a server cost New York Presbyterian Hospital and Columbia University Medical Center $4.8 million to settle with the U.S. Department of Health and Human Services. The breach occurred in 2010 after a physician at Columbia attempted to deactivate a personally owned computer on a New York Presbyterian network segment that contained sensitive patient health information. In addition to paying the fines, the hospitals agreed to take substantive corrective action, including development of a new risk management plan and new policies and procedures for handling patient data.

Fake Instagram Malware Surges
Do you use Instagram on your mobile device? Do you use a separate, third-party application to transfer your Instagram photos to your desktop PC? If so, you might want to look twice at that application, because bundling malware or potentially unwanted programs into Instagram-related software is all the rage. Many will be surprised to learn Instagram now surpasses Twitter in popularity, with 2.7 million more monthly active users. To cyber-attackers, this represents an opportunity; slapping the "Instagram" name on malicious programs makes it far easier to trick users into downloading and running them.