Malware attack vectors

Most common method of malicious code infecting your computer requires user interaction.

A recent study released by Microsoft, shows that the most common method of malicious code infecting your computer requires user interaction.

Nearly half of the malware required direct user action.  Such things as pop-up ads claiming that your computer is infected, and emails with attachments directing you to malicious sites, are examples of this method.

The next two most common attack methods make use of auto-run in Windows.  Automatically running programs from a USB device, or the network.

These three methods make up nearly ninety percent of the attack methods used.

The auto-run settings can be turned off in Windows.  This prevents programs from starting automatically just by plugging in an infected USB device, for example.  Your company policy should be that USB devices are not to be brought in, and connected to company computers.  Disabling the auto-run is further protection against this avenue of attack.

Reducing the threat of infection from malicious code that requires direct user action, can best be done through education.  Helping your employees recognize these attempt to lure them into loading malicious software goes a long way towards securing your system.

In the cases that I have seen, where our customers ended up with infected machines, these two methods were used in almost all of them.  Most of the time, it is someone in the company getting an email, and opening the attachment, or clicking on the link.  In most of the other cases, it is someone bringing in a USB thumb drive, to show everyone pictures of their kids, or something like that.  Needless to say, the thumb drive is infected, because the person does not use any security software on their home system.

As always, none of this reduces the need for good anti-virus and anti-malware software.  It needs to be kept current, also, along with any security updates for your computer and software.

The Microsoft Security Intelligence Report, found that less than 1% of attacks were against unpatched vulnerabilities.  The rest were against vulnerabilities where a patch exists, or from direct user action.  Keep your systems up to date.

Leave a Reply