This increase was predominately due to a new detection added to Microsoft’s security products for a threat known as Rotbrow. Rotbrow is a threat that uses deceptive tactics instead of software vulnerabilities to trick its victims into installing malware.
Rotbrow was more prevalent on Windows 7 and Windows Vista, likely for monetization purposes. Detections of Rotbrow significantly decreased after December 2013 once systems were cleaned and Microsoft expects the CCM infection rate to return to more typical levels in subsequent quarters as the Malicious Software Removal Tool and other security products work to clean the remaining backlog of old Rotbrow infections.
Microsoft discontinued support – including security patches – for XP in April (with an exception), opening up the door for a rash of zero-days attacking the system – so it’s likely that these numbers will radically shift for the second-quarter report. But Microsoft’s latest Security Intelligence Report detailed the vulnerability levels in various versions of Windows prior to the end-of-life cutoff for XP, and disclosed that Windows Vista, which was released in 2007, has an infection rate of 3.24%, compared to 2.42% for Windows XP, released in 2001. And at 2.59%, Windows 7 falls in the middle.
Unsurprisingly, the most current OS, Windows 8.1, clocks in as the safest of them all, carrying an infection rate of just 0.08%. Already-obsolete Windows 8 increases that significantly however, to 1.73%.
Microsoft noted in the report that the infection rates by OS also tend to be affected by the specific threats for the studied period. For instance:
“There was an increase in computers cleaned from malware in the fourth quarter of 2013. This increase was predominately due to a new detection added to Microsoft’s security products for a threat known as Rotbrow. Rotbrow is a threat that uses deceptive tactics instead of software vulnerabilities to trick its victims into installing malware. Rotbrow was more prevalent on Windows 7 and Windows Vista, likely for monetization purposes (e.g. click fraud, etc.). It is important to note that the rise in computers cleaned in the chart below is not an indication of the operating systems security effectiveness.”
It’s important to keep in mind that, going forward, the overall security impact of non-updated XP systems is much larger for this camp given the larger install base.
Net Marketshare noted that Windows XP’s usage only declined by about a percentage point compared to March, and as of April still accounted for 26.29% of PCs globally. Vulnerability management expert Secunia, meanwhile, has released UK install base figures for Windows XP, finding that one month after the end-of-life deadline, more than one in six (17%) private UK PC users is still likely to be vulnerable to new exploits that Microsoft is no longer patching.
“Generally speaking, newly discovered vulnerabilities in XP will be unpatchable for private users, and therefore we will see a rise in attacks,” said Kasper Lindgaard, director of research and security at Secunia, in a comment to Infosecurity. “XP users will in future basically be a free-for-all to hackers, who can create and use exploits at will.”
He added, “Additionally, future patches to the other Windows operating systems will be reverse engineered by hackers, seeking to discover which vulnerabilities were fixed by Microsoft, and subsequently – if applicable – modified to work against Windows XP.”
Meanwhile, Net Marketshare found that Windows 7′s desktop share actually rose recently, from 48.77% in March, to 49.27% last month. For Windows 8 and 8.1, the combined desktop OS share is just over 12%.
Windows continues to urge people to upgrade from Windows XP to a more modern operating system to better protect themselves.