Cybercriminals are resorting to more deceptive forms of malware to infect Windows machines, with downloadable malicious software often coordinating their attacks in 2013.

According to the newest edition of Microsoft’s Security Intelligence Report, covering the second half of 2013, while the number of severe vulnerabilities exploited in Microsoft products has decreased by 70% from 2010-2013, malware infections tripled in late 2013 due to a rise in downloads bundled with malware and ransomware. User-initiated downloads for fake security, codecs and other software result in the installation of the Sefnit malware family in combination with the Rotbrow and Brantall, families previously considered harmless, according to the report.

(Related: Can Microsoft rescue Windows?)

Rotbrow is a Trojan downloader that presents itself as a browser add-on called “Browser Protector” or “Browser Defender,” while Sefnit is notorious for Bitcoin mining and click-fraud campaigns, and Brantall installs malware-ridden advertisements.

“Cybercriminals are secretly bundling malicious items with legitimate content such as software, games or music,” Tim Rains, Microsoft director of product management in its Trustworthy Computing, wrote in a blog post about the report. “The malware may be installed immediately or at a later date as it assesses the victim’s computer’s profile. It could be months or even years before the victim notices the infection, as often these malicious items operate behind the scenes with the only visible effect being slower performance on the system that was infected.”

According to Rains, Rotbrow was found on 59 of every 1,000 computers investigated for the report. The other major threat observed in the report was a rise in ransomware, with a top ransomware threat called Reveton, which increased 45% in the second half of 2013. Ransomware, a much less prevalent form of malware than deceptive downloads, impersonates an official agency and “is designed to render a computer or its files unusable until the computer user pays a certain amount of money to the attacker or takes other actions,” the report stated.

The report stated that Microsoft’s Malicious Software Removal Tool has been updated to address the deceptive download malware and ransomware threats. The report does not include data on the recent zero-day vulnerability discovered in versions 6 through 11 of Internet Explorer, for which Microsoft issued an emergency patch last week.