Microsoft this week announced the release of the 13th volume of its bi-annual Security Intelligence Report (SIRv13, PDF). The 146-page document looks at malware (and general security) trends for the first half of 2012.
One of the biggest shifts, according to Microsoft, has been the growth of key generators and their link with the spread of malware. The software giant found that Win32/Keygen, which represents key generators, was the most commonly reported threat family between January 2012 and June 2012. It was detected by Redmond nearly 5 million times, and so the software giant is warning pirates to avoid them.
If you’ve never heard of key generators (keygens for short), they’re little utilities that help users pirate software. As their name implies, they generate keys for products that require validation to install or activate. This allows the user to bypass the need to purchase a valid copy of a given piece of software. According to Microsoft, though, keygens often come with malware bundled within, or the websites that distribute them serve up threats when users visit.
Keygen detections have increased by a factor of 26 since the first half of 2010 and today Keygen is the number one consumer threat family worldwide, rising above other prevalent threat families like Pornpop, Blacole, Conficker and FakePAV. The prevalence of Keygen varies from location to location, however it is listed as a top 10 threat for 103 of the 105 countries/regions studied in SIRv13. That means Keygen is in the top 10 list of threats for 98% of the locations we provide analysis for in SIRv13.
The report further goes on to say that more than 76 percent (approximately 3.8 million out of the 5 million) of computers reporting keygen detections also reported detections of other malware families. “This is a good indication that Keygen is often bundled with, or leads to, malware infections,” Microsoft believes.
The report also notes, however, that bundling malware is not limited to pirated software, or tools to pirate software. Cybercriminals often serve up threats disguising themselves as legitimately free software. For example, one of the most popular targets is Adobe Flash Player: in Q1 2012 and Q2 2012, Microsoft found 35 different malware families distributed using the file name “install_adobeflash.exe.”
Image credit: Graham Briggs