In the second half of last year, the seven most common families of threats removed from Windows PCs were related to scareware programs, according to the report. The most common family of trojan downloaders used to distributed rouge security software, Win32/Renos, was found on 4.4 million machines, a 67 per cent increase over the first half of 2008.
"What they do is take advantage of people's fears and they blast false infection messages onto the computer," Jimmy Kuo, principal architect of the Microsoft Malware Response Center, told SCMagazineUS.com this week. "It's the No. 1 issue we encounter."
Users are getting infected merely by visiting a website that has been seeded with an exploit, a ploy known as drive-by downloads, he said. The threat, though, affects more home than corporate users.
"You don't have users in the company thinking they have to pay for anti-virus software," he said. "On the other hand, corporate users will still see them while they go rummaging on the internet."
The report also analysed file-format exploits, in which attackers distribute malicious files for programs such as Microsoft Office or Adobe Reader. The study found that 91.3 per cent of file-format attacks leverage a two-year-old Word vulnerability, which was patched by MS06-027.
Kuo said this is proof that people aren't patching their systems as diligently as they should be.
"As we found out in the Conficker scenario, the corporate situation is that they obviously are aware of the patches that we issue, but most corporations have a situation where they'll run [the fixes] through tests that take a rather long time," he said. "And sometimes, they opt for not invoking the potential that they'll have incompatibilities because of the patch."
The report also found that stolen equipment, such as laptops, accounted for the most common cause of data breaches; more than 97 per cent of email is unwanted; the number of Microsoft security bulletins issued in the second half of 2008 rose 67.2 per cent; and financial organisations and social networking sites are the most frequently targeted vertical in phishing attacks.
See original article on scmagazineus.com
Microsoft report shows scareware, file-fomat bugs on rise
Rogue anti-virus, or scareware, programs -- which entice a user into purchasing fake security software by telling them their machine is infected -- has emerged as the biggest security threat facing internet users, according to Microsoft's sixth Security Intelligence Report.
Got a news tip for our journalists? Share it with us anonymously here.
Partner Content
Partner Content
ElasticON Sydney 2025: Deriving value from your data with Search AI
.png&h=140&w=231&c=1&s=0)
Partner Content
AI and quantum computing widen the machine identity security gap
.png&h=140&w=231&c=1&s=0)
Partner Content
Elastic's Open Source Strategy Drives Innovation and Expansion
Unlock SMB Success with Microsoft Copilot
Sponsored Whitepapers
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
.png&w=120&c=1&s=0)
EDUtech AU
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
