Microsoft: 1 out of every 14 downloads is malware

You might want to think twice before clicking to confirm that next download. The odds are pretty high that the software you are about to download contains malicious code, according to Microsoft security researchers.

The company stated in a blog post on Tuesday that its SmartScreen anti-malware technology, introduced in Internet Explorer 8, “has blocked more than 1.5 billion attempted malware attacks,” and that IE 8 and 9 installations block between two and five million attacks per day.

“From our experience operating these services at scale, we have found that 1 out of every 14 programs downloaded is later confirmed as malware,” wrote Jeb Haber, SmartScreen Program Manager Lead. And despite pop-up warnings, 5% of users proceed with the download anyway.

A shift toward using social engineering techniques to spread malicious software is largely to blame for the increased risks, according to Haber. "You're just seeing an explosion in direct attacks on users with social engineering," he told ComputerWorld. "We were really surprised by the volumes. The volumes have been crazy."

Such social engineering attacks are commonly disguised as links claiming to be about popular current events, such as the recent death of Osama Bin Laden or the royal wedding. Others purport to be useful applications, like disk cleanup utilities or antivirus scanners.

"The attackers are very opportunistic, and they latch onto any event that might be used to lure people," says Symantec Security Response manager Joshua Talbot.

But don’t get frustrated and swear off your computer just yet. Microsoft also states that the vast majority of users stick to surfing known websites that have an established reputation and little chance of risk. Typical IE users will only see two pop-up warnings per year regarding unknown risks, but clicking through such warnings “carries a risk between 25% and 70% of malware infection,” so heeding such warnings is highly recommended.

I’m generally a Firefox or Chrome user, so I can’t personally comment about malware experiences with IE. I tend to surf around to a high number of sites daily though, and have definitely noticed an increase in scamware over the past several months. I’m also seeing more family members fall prey to these “social engineering” malware scams, a frustrating thing when you’re the technologically savvy one in the family.

Have you fallen victim to any of these recent cyber-scams? Share your experiences in the comments below.
