Study finds that most computer malware infections are due to user actions
According to a Microsoft study released last month, the software giant found that 44.8 percent of malware attacks on Windows based systems were the result of an action taken by the computer’s user. It may have resulted from simply clicking a link or downloading an infected file, and the user was probably duped into doing it. When malware, or malicious code, is allowed to be installed on a computer, it can give hackers any number of capabilities, including complete control of the infected computer. If that computer is connected to a network, attackers can often access other connected PCs and servers.
The next greatest source of malware, comprising 26 percent of attacks originated in infected USB and other storage devices. A user plugging in an infected iPod or smartphone into a USB port simply to charge it can transfer the malware to the computer and other machines on the network it is connected to. Also high on the list were ads for rogue security software (see the graphic above for some common examples) which cybercrimanals use to con users into downloading malware; and the exploitation of weak user passwords, which remains a common problem even today.
The study also found that roughly 90% of all malware targeted vulnerabilities that had a security patch available for a year or more. In the first half of 2011, between one-third and one-half of all exploits went after weaknesses in Oracle’s Java products. The document format most exploited was the PDF file used by Adobe Reader and Acrobat. Keeping all software patched and up to date is of utmost importance in defending against malware attacks.
Microsoft statistics show that ninety percent of all email traffic on the internet is spam or unwanted by the recipient. Small Business Technology Solutions SPAM Firewall service is capable of filtering out nearly all of these messages, eliminating the majority of email based attacks before they even reach the user. As for malicious web sites, the Small Business Technology Solutions Web Untangler device will block user access to a list of bad sites that is continually updated as they go online.
But in the end, people are an organization’s last line of defense against threats such as malicious code, disgruntled employees, and malicious third parties. It is important to keep employees educated on the computer security best practices they need to incorporate into their daily business activities.