Exploit kits are how most malware gets on victims’ computers and, according to Microsoft, encounters with exploit kits increased by more than a third from 3Q15 to 4Q15.
Second place on the list of exploits most commonly detected and blocked by Microsoft real-time antimalware products in 2H15 goes to the exploit for CVE-2010-2568, the Windows Shell Shortcut Icon Loading Vulnerability, which was one of the four flaws used by the attackers who released the Stuxnet malware.
“An attacker exploits CVE-2010-2568 by creating a malformed shortcut file – typically distributed through social engineering or other methods – that forces a vulnerable computer to load a malicious file when the shortcut icon is displayed in Windows Explorer,” Microsoft explained in the most recent edition of its Security Intelligence Report (SIR).
Throughout the years, the bug was exploited by a number of malware families. It was patched back in 2010, but in early 2015 the fix was flagged as a failure. Microsoft insisted that it was not, and that the vulnerability and exploit method later discovered weren’t the same as the ones addressed in the earlier patch.
That machines still encounter exploits for CVE-2010-2568 five years later means attackers still count on many users running old Windows versions and not applying security updates.
Finally, standalone Java exploits, Adobe Flash Player exploits, and other types of exploits were few and far between.
The machine infection rate also jumped considerably in 4Q2015.
Interestingly enough, according to Microsoft’s numbers, in 2015 no ransomware families were among the top 10 malware that infected machines of home and enterprise users.