‚ÄčAs we first reported in the Microsoft Security Report Volume 13, Keygens have become the number one threat reported by users of Microsoft antimalware products. The research also indicates that 76 percent of users that downloaded Keygen or software cracks were also exposed to other, more dangerous malware.  

Keygens are typically not very dangerous on their own. However, malware authors are having great success using deceptive downloads that either pretend to be Keygens or contain them as well as other malware to spread their malicious payloads. Customers reporting Keygens have higher rates of additional malware infections compared to other threats.  Some of these threats try to trick users into paying for software that’s distributed for free from trusted sources.

Figure 36: Detection trends for a number of notable and potentially unwanted software families in 2012.

Detection trends for a number of notable and potentially unwanted software families in 2012


Keygens are different from most other threats, they’re more likely to affect the latest operating systems than older ones. They are used to generate software keys particularly when setting up new computers.  They account for a large portion of the threats affecting Windows 8 and Windows 7, as seen in the Security Intelligence Report Version 14.

Figure 37: The malware and potentially unwanted software families most commonly detected by Microsoft antimalware solutions in 4Q12, and how they ranked in prevalence on different platforms.  

The malware and potentially unwanted software families most commonly detected by Microsoft antimalware solutions in 4Q12

In addition to using up-to-date real-time security software as detailed in the Intelligence report, please be sure to only get software from trustworthy suppliers.

Joe Faulhaber

MMPC