Microsoft Security Report: Internet Worms, Phishing Attacks On The Rise
Microsoft released the latest volume of its Security Intelligence Report (SIR) Monday, a semi-annual study evaluating the security threat landscape and malicious and unwanted software, based on data gathered from 450 million machines. Data was collected from Windows Defender, the Malicious Software Removal Tool (MSRT) and Security Essentials as well as its enterprise Forefront security products, among others.
Of all categories, Internet worms experienced the highest rate of growth, rising from the fifth-most prevalent threat during the second half of 2008 to second place during the first half of 2009, according to the Microsoft SIR report. Miscellaneous Trojans, including rogue security software, remained the most prevalent category.
The growth of Internet worms was propelled by the growing reliance on thumb drives and other removable media tools, which resulted in the emergence and rapid replication of the notorious Conficker worm at the end of 2008 and first half of 2009.
Microsoft attempted to curb the spread of Conficker in October 2008 by releasing an emergency patch but was too late to stop the malware as it jumped from machine to machine via infected thumb drives and peer-to-peer networks. Altogether, Conficker infected 5 million PCs worldwide, according to the SIR.
Jimmy Kuo, principal architect from the Microsoft Malware Protection Center, said that Microsoft has seen a resurgence of worms emerging from near-extinction to currently account for about one-sixth of Internet threats affecting the enterprise.
Enterprise PCs are much more likely to become infected by a worm, such as Conficker, than are home computers running OneCare, Microsoft's now-defunct antivirus offering, due to interconnected networks and an increasing reliance on USB sticks and other portable media to transfer work to and from the office.
One worm, known as Taterf, has surfaced as a major threat, specifically designed to steal online gaming credentials and game scores from online games such as World of Warcraft, and to spread via an infected USB stick or network drive, executives said.
"People work at home and play games at home," Kuo said. "When they have to transfer games, they put their work onto a thumb drive. Now, effectively, that thumb drive has walked past all the hardware firewalls."
To counter the surge of Internet worms, Kuo said Microsoft incorporated a feature in Windows 7 that will only download information onto CDs or DVDs, and will stop short of transferring information onto thumb drives.
"This new behavior will curtail a lot of spreading behavior of these worms," Kuo said, adding that the feature was specifically designed to prevent the spread of worms and not control piracy or enforce copyright laws. "We expect that number to go down, so this is really heartwarming to those of us who are waging this war to continually recognize we have had some effect."
In addition, PCs experienced a sharp uptick in phishing attacks during the first half of 2009, according to the SIR, driven by a significant increase in attacks delivered via social networking sites. Phishing attacks took a sharp upward spike in the spring, quadrupling in May and June, in part due to a campaign targeting social networks. And phishers continued to target a wider range of Web sites than in the past, homing in on online gaming portals and major corporations, Kuo said.
However, despite anecdotes that seem to point to the contrary, Microsoft's researchers noticed a 20 percent decline in rogue security software -- bogus antivirus software that claims to clean a user's system but instead is designed to scam users out of money, install malware or both.
Rogue security software generally pesters users with pop-up alerts or ads, indicating that there is malware on their system even when there isn't. Users are compelled to then submit credit card information in exchange for fake antivirus software, which is typically ineffective at best and malicious at worst.
Kuo attributed this decline, in part, to program enhancements in Vista and subsequently Windows 7 that can detect and block the phony software, although he maintained rogue security software still remained one of the top security threats.