Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

4/7/2009
08:34 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Microsoft: Rogue AV Found On 10 Million Machines

Scareware more pervasive than thought, while data breaches more about lost and stolen equipment than hackers, according to new Microsoft Security Intelligence Report

Rogue security software infections by just one family of malware jumped 66 percent in the second half of the year, according to Microsoft's new Security Intelligence Report (SIR), released today. And it's not hackers who are responsible for data breaches: It's the lost and stolen laptops, disks, and other computer equipment, according to the report.

Microsoft's report on threats for the second half of 2008, which gathers threat data from hundreds of millions of Windows machines worldwide, as well as some vulnerability and breach data from other sources, for the first time looked at business versus consumer threat data. While enterprise users are more likely to be hit by worms, consumers get more Trojan and adware infections, according to Microsoft.

But it was the scareware, or rogue AV infections, that stood out overall with the big numbers for the second half of '08. "This was a significant scale that we had not seen in the past," says Jeff Williams, principal architect for Microsoft's Malware Protection Center. "It has become very widespread, and the scale of it had been hidden from view [until now]," he says.

The bad guys are capitalizing on users' understanding that they need security software protection from threats, he says. "Fear is a powerful motivator," Williams says. And the phony threats have a convincing look and feel that can easily dupe consumers, he says.

"They are copying our software look and feel, and Symantec's, etc., with the same naming conventions," he says. They also are localizing it by region, he notes.

Microsoft says the Win32/Renos scareware attack was found on 4.4 million computers, for instance, and Win32/FakeXPA and Win32/FakeSecScan on 1.5 million machines. Other rogue AV types were also detected, bringing the total numbers of those types of infections to the 10 million mark.

The report, using data from the Open Security Foundation's OSF Data Loss Database, also noted that 33.5 percent of all security breach incidents were from stolen equipment, and that stolen and lost equipment together accounted for half of all reported breaches in the second half of 2008. Malware and other hacking incidents accounted for less than 20 percent of all data breaches. "So it's not just a technology issue, but [victims] have governance issues," Williams says.

And a bit of possibly good news: Based on Microsoft's and other data, the total number of new vulnerability disclosures dropped 3 percent from the first half of the year, and the total number in 2008 was 12 percent fewer than disclosed in 2007. The caveat: "High severity" vulnerabilities were up 4 percent in the second half of '08, and more than half of all vulnerabilities in that period were high severity" Still, the total number was down 16 percent from 2007.

Around 90 percent of vulnerabilities during the second half of last year were in applications, Williams points out, and with increased attacks targeting third-party apps. Microsoft vulnerabilities comprised about 41 percent of browser-based attacks against XP machines, and 5.5 percent against Vista machines.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message. Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Data Leak Week: Billions of Sensitive Files Exposed Online
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/10/2019
Lessons from the NSA: Know Your Assets
Robert Lemos, Contributing Writer,  12/12/2019
4 Tips to Run Fast in the Face of Digital Transformation
Shane Buckley, President & Chief Operating Officer, Gigamon,  12/9/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5252
PUBLISHED: 2019-12-14
There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant.
CVE-2019-5235
PUBLISHED: 2019-12-14
Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal.
CVE-2019-5264
PUBLISHED: 2019-12-13
There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition...
CVE-2019-5277
PUBLISHED: 2019-12-13
Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information leak vulnerability. Due to improper configuration, the attacker may cause information leak by successful exploitation.
CVE-2019-5254
PUBLISHED: 2019-12-13
Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have an out-of-bounds read vulnerability. An attacker who logs in to the board m...