Good social engineering can threaten users more than a serious software flaw, Microsoft's Anti-Malware Engineering Team argued in a blog post on Tuesday.
A relatively unknown worm has spread moderately successfully without exploiting any flaws in the Windows operating system, according to data collected by Microsoft's software for removing malicious code. The virus--known as Alcra or Alcan--spreads through popular peer-to-peer file-sharing systems by offering itself up using the names of popular files on program cracking sites. The social engineering has been quite successful: During February, about 250,000 machines had been infected by the program, according to data collected by Microsoft's Malicious Software Removal Tool.
By comparison, the destructive mass-mailing computer virus Nyxem--also known as MyWife, Blackmal and CME-24--essentially has fizzled, only infecting 40,000 computers in February, according to the software giant's data. The Malicious Software Removal Tool scans about 250 million machines each month through Microsoft's Windows Update and Automatic Update.
"Threats like this reinforce the idea that malware that exploits user weakness can be as dangerous as those threats which exploit software vulnerabilities and reinforces the value of up-to-date antivirus products as well as general user vigilance," Microsoft stated on its Anti-Malware Engineering Team blog.
Of course, shifting focus away from attacks that use weaknesses in the Windows operating system to compromise machines serves Microsoft's interests. Currently, the company has to deal with a handful of publicly known, but unpatched flaws in Internet Explorer, including at least one critical vulnerability that is already being used against Windows users, prompting two firms to release their own patches.
With a week to go until the official patch is released for the Internet Explorer flaw, users should be vigilant.
Posted by: Robert Lemos