Be wary: the next time a website asks you to click on a link or download new software, think twice because there’s a pretty good chance that the program is infected. Microsoft claims that one out of every 14 programs downloaded by Windows users turns out to be malicious.
Even though modern browsers have been packed with security features designed to steer users away from unknown and potentially untrustworthy software, about 5 percent of users ignore the warnings and download malicious Trojan horse programs anyway.
Furthermore, instead of simply hacking the browsers themselves, hackers use a method called social engineering. It is how the recent Facebook spam spread throughout the social network where users were told to install an app or click on a link usually disguised as an interesting story or video about hot news such as the royal wedding or the death of Osama bin Laden, that is actually a malicious Trojan horse program. When Symantec tracked the 50 most common malicious programs last year, it found that 56 percent of all attacks included Trojan horse programs.
Enterprises are also potential victims of a social-engineering technique called spearphishing, where the criminals take the time to figure out who they’re attacking to create a specially crafted program or a maliciously encoded document that the victim will likely want to open.
Jeb Haber, program manager lead for SmartScreen, said that better browser protection is pushing the criminals into social engineering, especially over the past two years. “You’re just seeing an explosion in direct attacks on users with social engineering,” he said. “We were really surprised by the volumes. The volumes have been crazy.”