Microsoft released its latest Security Intelligence Report today, which it says highlights a "significant increase" in the use of "marketing-like" approaches by cyber-criminals.
The report found that the majority of these types of criminal methods involved the use of malware. Malware is corrupt software, often disguised as a legitimate-looking marketing campaign or product promotion, that internet thieves can use to trick users with pay-per-click schemes, false advertisements or fake security software for sale (see our story on the first such Mac-targeted threat).
Among the key findings were:
- Vulnerabilities in applications, rather than operating systems or browsers, accounted for the majority of exploited vulnerabilities.
- Exploitation of Java vulnerabilities increased sharply in the second quarter of 2010 and "surpassed every other exploitation category" tracked.
- Adobe Acrobat and Adobe Reader exploits accounted for most of the document-format exploits detected, but their number also dropped by more than half during the year.
- Microsoft Office exploits accounted for between 0.5 and 2.8 percent of document-format exploits detected.
- After the takedown of servers associated with the Win32/Cutwail spambot, there was a "significant drop" in the average daily volume of messages blocked.
- Advertisements for nonsexual pharmaceutical products accounted for 32.4 percent of spam messages blocked.
- The number of malicious phishing sites targeting gaming sites has declined, while the number of phishing sites targeting social networks increased - possibly due to the finding that phishing sites that target social networks "routinely receive the highest number of impressions per active phishing site."
The Security Intelligence Report focuses on the period of July to December 2010 and, according to Microsoft, includes analysis of data from more than 600 million systems worldwide.