Since the first half of 2010, a family of threats Microsoft calls ‘key generators’ has begun to crack its top 10 list of threat detections in key markets, including the US, Spain, and Russia. It’s a generic term for software activation keys that people search for online, as they seek out sources for free versions of key codes either to access commercial software at no cost, or upgrade trial versions to fully paid ones. This family of threats also includes freely available software keys and downloads, such as in the case of Adobe Flash.
Tim Rains, director of Microsoft’s Trustworthy Computing Group, outlined two methods by which people can have their devices compromised by deceptive key generators: “[attackers] bundle a software key generator with other malware, or they create a fake software key generator that’s essentially a trojan that downloads malware. Then there’s [web] searches for software key generators…we are noticing that a lot of people are being exposed to drive-by download attacks when they look for these”.
He cited a “huge increase” in these threats since the first half of 2010. “In the first half of 2012, we’ve had more than five million detections of these key generators worldwide”, he told Infosecurity during an interview at this week’s RSA Europe Conference in London, where Rains outlined the findings of Microsoft’s latest Security Intelligence Report.
“It’s now the number one threat on our top 10 list worldwide – even more prevalent than some of the threats we have focused on in the report before, like Conficker or the BlackHole exploit kit”. Rains said that since the first half of 2010, key generator threats have increased by a factor of 26.
This increase also appears to be an indicator of additional threats, as Rains cited data from the report showing 76% of exploitive key generator detections are also accompanied by other malware on the same system – some of which he labelled as being “very severe”.
Rains said Microsoft is trying to increase awareness around the problem, and educate end-users that searching for these ‘free’ software key generators is a risky proposition. “When you find them [online], you don’t know if it’s malware, you don’t know if it’s bundled with malware, and you don’t know if the page that’s hosting it will expose you to drive-by download attacks”, he told Infosecurity.
Among the 105 regions that version 13 of the Security Intelligence Report evaluated, Rains said 103 of them had key generation exploits on their top 10 list of security threats (the exceptions were Korea and the Palestinian Authority).
Of course, the key generation family of threats capitalizes on users continuing to search for free content on the internet – something that has drawn the attention of hackers for some time in the realm of media content.
The good thing about key generator threats, from a security perspective, is that they can be more easily remedied through end-user education, as Rains pointed out. His advice is simple: “If you can’t trust the source of the software, then don’t trust the software”.