Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

4/7/2009
08:34 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Microsoft: Rogue AV Found On 10 Million Machines

Scareware more pervasive than thought, while data breaches more about lost and stolen equipment than hackers, according to new Microsoft Security Intelligence Report

Rogue security software infections by just one family of malware jumped 66 percent in the second half of the year, according to Microsoft's new Security Intelligence Report (SIR), released today. And it's not hackers who are responsible for data breaches: It's the lost and stolen laptops, disks, and other computer equipment, according to the report.

Microsoft's report on threats for the second half of 2008, which gathers threat data from hundreds of millions of Windows machines worldwide, as well as some vulnerability and breach data from other sources, for the first time looked at business versus consumer threat data. While enterprise users are more likely to be hit by worms, consumers get more Trojan and adware infections, according to Microsoft.

But it was the scareware, or rogue AV infections, that stood out overall with the big numbers for the second half of '08. "This was a significant scale that we had not seen in the past," says Jeff Williams, principal architect for Microsoft's Malware Protection Center. "It has become very widespread, and the scale of it had been hidden from view [until now]," he says.

The bad guys are capitalizing on users' understanding that they need security software protection from threats, he says. "Fear is a powerful motivator," Williams says. And the phony threats have a convincing look and feel that can easily dupe consumers, he says.

"They are copying our software look and feel, and Symantec's, etc., with the same naming conventions," he says. They also are localizing it by region, he notes.

Microsoft says the Win32/Renos scareware attack was found on 4.4 million computers, for instance, and Win32/FakeXPA and Win32/FakeSecScan on 1.5 million machines. Other rogue AV types were also detected, bringing the total numbers of those types of infections to the 10 million mark.

The report, using data from the Open Security Foundation's OSF Data Loss Database, also noted that 33.5 percent of all security breach incidents were from stolen equipment, and that stolen and lost equipment together accounted for half of all reported breaches in the second half of 2008. Malware and other hacking incidents accounted for less than 20 percent of all data breaches. "So it's not just a technology issue, but [victims] have governance issues," Williams says.

And a bit of possibly good news: Based on Microsoft's and other data, the total number of new vulnerability disclosures dropped 3 percent from the first half of the year, and the total number in 2008 was 12 percent fewer than disclosed in 2007. The caveat: "High severity" vulnerabilities were up 4 percent in the second half of '08, and more than half of all vulnerabilities in that period were high severity" Still, the total number was down 16 percent from 2007.

Around 90 percent of vulnerabilities during the second half of last year were in applications, Williams points out, and with increased attacks targeting third-party apps. Microsoft vulnerabilities comprised about 41 percent of browser-based attacks against XP machines, and 5.5 percent against Vista machines.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message. Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/21/2020
Hacking Yourself: Marie Moe and Pacemaker Security
Gary McGraw Ph.D., Co-founder Berryville Institute of Machine Learning,  9/21/2020
Startup Aims to Map and Track All the IT and Security Things
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-24213
PUBLISHED: 2020-09-23
An integer overflow was discovered in YGOPro ygocore v13.51. Attackers can use it to leak the game server thread's memory.
CVE-2020-2279
PUBLISHED: 2020-09-23
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controller JVM.
CVE-2020-2280
PUBLISHED: 2020-09-23
A cross-site request forgery (CSRF) vulnerability in Jenkins Warnings Plugin 5.0.1 and earlier allows attackers to execute arbitrary code.
CVE-2020-2281
PUBLISHED: 2020-09-23
A cross-site request forgery (CSRF) vulnerability in Jenkins Lockable Resources Plugin 2.8 and earlier allows attackers to reserve, unreserve, unlock, and reset resources.
CVE-2020-2282
PUBLISHED: 2020-09-23
Jenkins Implied Labels Plugin 0.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to configure the plugin.