Recently, Adrienne Hall, General Manager for Trustworthy Computing announced the availability of the Microsoft Security Intelligence Report volume 13 (SIRv13). Hall made the announcement during her keynote speech at RSA Europe. The latest report found that over 76 percent — that’s approximately 3.8 million of the 5 million Keygen detections — of computers reporting Keygen detections in the first half of 2012, were also the ones to have reported detections of other malware families.
A post on the Microsoft Security Blog states that this is a good indication of the fact that Keygen is often bundled with, or leads to, malware infections. In the SIRv13 report, Microsoft has included a feature story, which delves into greater detail on suspicious downloads such as Keygen, while also offering “mitigation guidance on how to help protect against this type of social engineering threat”.
Most of those reporting keygen detections, reported of malware (Image credit: Getty Images)
Microsoft's Director, Trustworthy Computing, Tim Rains highlighted in the post on the Microsoft Security Blog that among the most interesting trends to have emerged in their latest report has been the rise in software activation key generators being used as a tool to distribute malware. He further explains that in the first six months of 2012, the threat family Win32/ Keygen, representing software activation key generators had been detected nearly a whopping five million times. These detections, he adds have increased by a factor of 26, since the first half of 2010 going up as high as becoming the number one consumer threat family worldwide, higher than other existing threat families like Pornpop, Blacole, Conficker and FakePAV. The existence of Keygen differs by location. However, that has not deterred it from being listed as a top 10 threat for 103 of the 105 countries/ regions studied in SIRv13. Here, he reiterates that Keygen is part of the top 10 list of threats for 98 percent of the locations, analysis for which is offered in SIRv13.
Rains adds that the report has evolved a lot since Microsoft first launched it six years ago, but its goal remains unchanged, i.e., “to provide our customers with the most comprehensive view into the threat landscape so they can make informed risk management decisions”. The latest report, SIRv13, is spread over 800 pages of data and analysis “with deep dives for 105 countries/regions around the world.” The report, Rains adds, has been designed to provide in-depth perspectives on software vulnerabilities and exploits, malicious code threats and potentially unwanted software based on data from over 600 million systems, 280 million Hotmail accounts and billions of web pages scanned by Bing.
Rains adds that Win32/Keygen is a family of tools generating keys for various software products. Although Keygen is not malicious by nature, the fact that it is commonly bundled with or leads to malware, and the Microsoft Malware Protection Center classifies it as “Potentially Unwanted Software.”
Rains writes further, “Of course this is just one of the many interesting trends you’ll see in the latest report. I encourage you to visit the Microsoft Security Intelligence Report website and download the report today to learn about the latest threat trends and the actions you can take now to help mitigate risk within your environment. You can also read the key findings summary or watch a short video for a summary of the data contained in the report.”