Top 2014 threats
2014 was the year of cryptolockers, ransomware, and malicious browser hijackers. Cyber criminals have become more transparent and demanding in some areas, and more clandestine and misleading in others. As reports show, more Windows security vulnerabilities were exploited in 2014 than ever before, and Windows operating systems remain the most frequently targeted. In addition, according to netmarketshare.com, nearly 19% of all Windows users are still using the Windows XP operating system, which is quite alarming considering that support for it ended in April 2014, making Windows XP even more vulnerable than other versions. This report analyzes the top threats of 2014, all of which were mainly targeted at Windows users.
According to the malware analysts at pcthreat.com, istart.webssearches.com has continued to be the most commonly detected browser hijacker, alongside other malicious hijackers known by the names isearch.omiga-plus.com and Qone8.com, both of which were reported back in 2013. All of these hijackers can change the home page and the default search provider settings without permission, which is why they are categorized as hijackers. In addition, all of them have been set up to change browser shortcut targets to make the removal of these threats more complicated. While most browser hijackers can be deleted by replacing the unwanted search tools and removing the leftover files, the victims of Qone8.com, isearch.omiga-plus.com, and istart.webssearches.com also have to change the Targets of all browser shortcuts. Many users do not understand what a Target is, and so the removal of these browser hijackers often appears to be impossible. Of course, this is not the case.
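The shortcut check described above can be scripted. The following PowerShell audit is an added example, not a tool from pcthreat.com; it assumes the hijacker rewrites the shortcut so that a URL follows the browser executable in the Target field, and the list of browser executables and shortcut folders is illustrative.

```powershell
# Added example: list browser shortcuts whose Target carries an appended URL.
# Assumption: the hijacker leaves the browser executable in place and adds
# its start page as a command-line argument.

$browsers = 'iexplore.exe', 'chrome.exe', 'firefox.exe', 'opera.exe'

# Hijacker domains named in this report.
$knownHijackers = 'istart.webssearches.com', 'isearch.omiga-plus.com', 'qone8.com'

# Common shortcut locations; pinned taskbar items live under Quick Launch.
$folders = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('CommonDesktopDirectory'),
    [Environment]::GetFolderPath('StartMenu'),
    [Environment]::GetFolderPath('CommonStartMenu'),
    (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch')
) | Where-Object { $_ -and (Test-Path $_) }

$shell = New-Object -ComObject WScript.Shell

$findings = Get-ChildItem -Path $folders -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $file = $_
        $lnk  = $shell.CreateShortcut($file.FullName)
        if (-not $lnk.TargetPath) { return }           # no resolvable target, skip

        $exe = Split-Path $lnk.TargetPath -Leaf
        if ($browsers -notcontains $exe) { return }    # not a browser shortcut

        $lnkArgs = $lnk.Arguments
        $hasUrl  = $lnkArgs -match '\bhttps?://|\bwww\.'
        $known   = @($knownHijackers | Where-Object { $lnkArgs -like "*$_*" })

        if ($hasUrl -or $known.Count -gt 0) {
            [pscustomobject]@{
                Shortcut  = $file.FullName
                Target    = $lnk.TargetPath
                Arguments = $lnkArgs
                KnownName = $known -join ', '
            }
        }
    }

$findings | Format-List
```

The script only reports. Each flagged shortcut's Arguments value shows exactly what was added to the Target, which is the part that has to be removed during cleanup.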
PC Optimizer Pro is another infection that has been discovered to trouble Windows users. Our malware researchers first detected the threat in 2012, and since then the perception of this threat has changed. What was first considered a rogue antivirus is now identified as a potentially unwanted program, or PUP, which cannot offer beneficial services. Of course, the fact that PC Optimizer Pro requires removal does not change, because this program has been developed to convince unwary computer users that they need to pay money for services that cannot live up to anyone’s expectations. The situation is the same with another potentially unwanted program, TornTV. While PC Optimizer Pro is usually the program that users find attached to other installers, TornTV is an unreliable application that has been set up to promote third-party software. Users who install TornTV might find PC Optimizer Pro installed alongside it.
Even though browser hijackers and potentially unwanted programs can open up security backdoors and put the security of the targeted users at risk, there is no threat more annoying than Arma dei Carabinieri Virus. This ransomware is mainly targeted at Windows users living in Italy, and, once executed, it can paralyze an operating system and demand a ransom. What is most worrying about the threat is that it uses the credentials of Italian law enforcement, and this is the trick that has guaranteed cyber criminals a huge profit. Every lockdown is followed by a €100 ransom that is misleadingly presented as a legal fine. The clandestine Arma dei Carabinieri Virus is executed by a Trojan that can infiltrate the system without notice.
All of the infections mentioned in this report use certain tricks to enter operating systems. In most cases, browser hijackers and potentially unwanted programs are distributed using software bundles; however, the methods are different. The aforementioned hijackers could be installed silently, and the PUPs could be advertised as beneficial programs, in which case users are likely to install these PUPs themselves. Users might also encounter PC Optimizer Pro via misleading banner advertisements, and the installer of TornTV could be automatically downloaded when trying to watch videos on corrupted or unreliable sites. Arma dei Carabinieri Virus and other clandestine ransomware infections are executed by Trojans, which can enter operating systems via corrupted spam email attachments and links. Unfortunately, cyber criminals can employ inconspicuous social engineering scams and drive-by download attacks to deliver malware.
There is no doubt that cyber criminals will keep creating infections as long as there are security vulnerabilities to exploit. If computer users do not reinforce their operating systems with authentic security software and do not keep up with security updates, malware will prevail. Even though users have never had more information and means to stop malware, cyber criminals continue invading new platforms and inventing new infections and distribution methods. Looking at current tendencies, in 2015 cyber criminals are likely to work their way into the mobile platform, release more cryptolockers, and exploit security vulnerabilities more often. Because of this, it is more important than ever before that security industry experts and Windows users work together.