Microsoft Security Report: Scareware On The Rise
The sixth volume of the Microsoft Security Intelligence Report (SIR), which covered the last six months of 2008, released findings aimed at providing an accurate picture of the latest security threats and trends acquired from millions of computers worldwide.
In particular, rogue security software, also known as scareware, has "increased significantly over the past three periods," according to Microsoft's SIR. Specifically, rogue security software capitalizes on users' fear of cyberattacks by offering antivirus or antispyware that purports to clean up their systems. The attackers often leverage fear tactics delivered via some kind of social engineering to convince users to pay for "full versions" of the offered software that allegedly would protect them from Trojans and other kinds of malware. Often, the solicited software is actually malware that is used to drain bank accounts, steal financial and other critical information or infect computers to incorporate them in a spam-spewing botnet.
Two rogue families of scareware, Win32/FakeXPA and Win32/FakeSecSen, were detected on more than 1.5 million computers by Microsoft software, while another threat, Win32/Renos, used to deliver rogue security software, was detected on 4.4 million unique computers, increasing 66.6 percent over the first half of 2008, according to the report.
Also in the report, Microsoft blamed third-party applications -- and not Windows -- for the majority of the security-related issues in its operating systems.
The Security Intelligence Report found that as software companies have improved the security of their operating systems, attackers have begun en masse to target the application layer. Nearly 90 percent of the reported attacks exploiting vulnerabilities from July to December 2008 were aimed at applications.
The report also indicated that almost 95 percent of the browser-based exploits were targeted at third-party applications, some of the most common being Adobe Flash and RealPlayer. The report found that the most frequently exploited vulnerabilities in Microsoft Office software were some of the oldest and, in most cases, the application versions attacked did not have up-to-date service packs applied.
However, despite the sharp uptick of external attacks, the report found that lost and stolen computer equipment, and not hackers, were ultimately responsible for the majority of data breaches, constituting 50 percent of all incidents during the last half of 2008. Altogether, data breaches resulting from hacking comprised less than 20 percent of the reported incidents. The fact that stolen or lost equipment played such a significant role in the majority of security breaches underscored the need for companies to implement strong data governance policies, according to the study.
Altogether, Microsoft recommends that users configure their PCs to use Microsoft Update and make sure updates are enabled for third-party applications. Also to protect themselves from attacks, Microsoft recommends that users rely on antimalware products from trusted vendors and regularly install updates. Meanwhile, researchers say that users should avoid opening attachments or clicking on links in e-mail or IM from unknown or untrusted sources.
For corporate customers, Microsoft recommends that enterprises implement policies to secure file sharing and regulate use of removable media, while helping control the use of remote management tools.