Why malware authors don't need to try

[McLovin]

Commentary We often assume that malware writers are the sort of evil geniuses who work tirelessly to exploit unheard-of or secretly hidden backdoors in order to make a quick dollar or use your computer's resources for their own means. But recently, it feels like they haven't even been trying that hard.

Read more.

 

[Hungry Man]

Of course. Something like 1 in 3 users is running a severely outdated Java plugin. Can hackers make use of advanced exploits? Yes. We've seen ZeroAccess, Duqu, etc and they're incredible pieces of software. But there's really no need if your only goal is to spray as many users as possible with malware - 99% of the population is running at least one piece of outdated software, 40% of users are still on Windows XP, which means no ASLR... it's just easy.

 

[malbky]

The real threat nowadays in India for money theft does not come from online frauds or anythings. In fact it comes from ATM skimmers attached to the ATM's entrance door. Most ATM's have CCTV and a gaurd always on duty outside but some of them dont have gaurds which makes it easy for attaching skimmers. Recently here a particular banks ATM's were targeted.
Most of the users have one typical outdated software on their pc. IT is mostly adobe reader. I have long ditched adobe reader for Nitro PDF reader but i know many who use Adobe Reader 8. Many dont understand the importance of an anti-virus. They still use credit cards in cyber cafe's or unsecured pc's. The only thing protecting such users is mobile verification. But certain banks dont offer that.

 

[jamescv7]

Also I will add, some offices their main protection were being LUA and needs a grant for administration when attempting to execute/write an application.