Scareware On the Rise, Microsoft Report Warns
April 10, 2009 8:21 AM
comment(s) - last by
Overall most threats have dropped, but "Misc Trojans" which include fake antivirus suites, are on the rise.
Two rogue security software families are on millions of computers
When it comes to computer security, most users are aware that there are dangers, but are
of what these dangers are. They rely blindly on security software to protect them against these unseen evils. Unfortunately, malware makers have caught on to this and have began releasing fake security suites that essentially do little-to-nothing to protect users, and even sometimes perform malicious actions.
Microsoft sixth Security Intelligence Report, covering the second half of 2008 details the
rise of so-called "scareware"
-- fake security suites feeding off user fear. Microsoft takes a great deal of interest in computer security. Not only is it going to soon be offering
free antivirus software
to Windows users, but it also has much at stake -- as the the operating system leader, its systems are the primary target of elicit internet activity.
While the new report covers many topics, perhaps the most interesting is its analysis of the rise of scareware mongers -- modern snake oil salespeople. Describes the report, "
The prevalence of rogue security software has increased significantly over the past [year and a half].
Rogue security software uses fear and annoyance tactics to convince victims to pay for 'full versions' of the software in order to remove and protect themselves from malware, to stop the continual alerts and warnings, or both."
The report identifies two software families --
Win32/FakeXPA and Win32/FakeSecSen -- which were the biggest threat. The fake security suites associated with these families were found on over 1.5 million machines, making them among the most dangerous security threats.
This kind of deception has led some -- like
Alex Stamos, co-founder and partner at software security company ISEC Partners -- to suggest that "normal" users avoid internet use. He stated at a recent conference, "
The Internet cannot be safely used by normal people.
Most people are not prepared to make the technical decisions necessary to safely use the Internet."
Still, others argue that increased legitimate protection, which should expand to include better means of removing illegitimate security suites, can make up for user gullibility, to some extent. Ultimately gullibility and irresponsibility continue to be key factors in the insecurity of the internet. Of system breaches in the second half of 2008, over half (50 percent) were caused by lost or misplaced equipment by network users.
The report also finds that while operating systems like Windows are increasingly secure, the number of attacks on the application layer is vastly increasing. Applications require a level of trust, but that trust in turn allows abuse. Over 90 percent of vulnerabilities covered in the report targeted the application layer. This explains why increasingly Mac computers are being
hacked and made vulnerable
, despite the general lack of interest in attacking the underlying OS.
Evidence of Windows Vista's improvements in security over Windows XP were evident in the survey. Approximately
40.9 percent of browser exploits on Windows XP machines targeted Microsoft software, while only 5.5 percent did on Vista. Microsoft's additions to the application layers, such as Microsoft Office, also have greatly reduced in number of unpatched exploits. Describes the report, "
The most frequently exploited vulnerabilities in Microsoft Office software were also some of the oldest.
Over ninety-one percent of attacks examined exploited a single vulnerability for which a security fix had been available for more than two years (CVE-2006-2492)."
While the report represents good news for Microsoft -- that its security efforts are working -- it's also bittersweet. Microsoft is finding that security threats are increasingly not targeting its software. That puts tremendous pressure on Microsoft to deliver with its upcoming antivirus software offerings, as customers have come to expect much from the OS provider in terms of security.
This article is over a month old, voting and posting comments is disabled
4/10/2009 8:37:30 AM
I often see the AntivirusXP or 360 'scareware'. users claim they didnt click on anything but their browsing history usually indicates otherwise. sometimes a malicious script can get a PC infected without the end user clicking anything though. even with antivirus software you can still get infected..
4/10/2009 7:23:29 PM
If they didn't click through anything that means one of three things:
1) There's some zero-day in Windows; this is happening less and less often.
2) Their machine hasn't been patched since they bought it; despite automatic updates this still happen like you wouldn't believe.
3) They messed around with their settings previously to make their computer insecure; doesn't happen that often, you usually have to know what you're doing and do that on purpose to achieve it.
In all cases but one, it's the user's fault, and in the first case if they're running with UAC on, it has to be a non-IE zero-day which means they probably got passively attacked which means they're not behind a firewall. Long story short: in my experience, since XP SP2, whenever I've had to clean out a PC, the user has been asking for it.
4/13/2009 10:30:57 AM
Yeah, I get this one a lot when I a relative or friend asks me to "take a look at" their machine. Most users are completely clueless when it comes to how their computer operates, and even worse, they don't
to learn, they just want to sit down in front of it and "do" whatever the hell it is they want to do.
Which is why I really have no sympathy when they get viruses, have their identities stolen, or other nasty things happen to them. Truthfully, I have an intense hatred for anyone that won't read through the manual, call technical support, or go buy a book to gain greater understanding of their computer and how it works... what's even worse is how everyone acts like their lives are just
important and busy - "Oh, I have to take SoAndSo to baseball practice; I don't have time to do that, I have to make dinner; I can't read all this, I have to go pick up my granddaughter!" Well what the hell were you doing for the other 12 odd hours in your day? Couldn't squeeze in 15 to 30 minutes a day to cure your case of dumbass? Bullshit. The President is the only person that busy. The average person is just too apathetic and lazy to admit their too apathetic and lazy.
4/13/2009 10:32:22 AM
their = they're... Ugh, gotta get an edit button here DT guys!
"Paying an extra $500 for a computer in this environment -- same piece of hardware -- paying $500 more to get a logo on it? I think that's a more challenging proposition for the average person than it used to be." -- Steve Ballmer
Apple Tells Users "Get a Mac... Antivirus Program"
December 2, 2008, 9:30 AM
Microsoft Announces Free Antivirus Software for H2 2009
November 19, 2008, 9:40 AM
Americans Still Somewhat Befuddled by Cyber Security
October 6, 2008, 10:05 AM
Google plans ultra-fast wireless Internet for Research Triangle Park, N.C.
August 12, 2016, 6:30 AM
Twitter Senior VP: "Diversity is Important, But We Can’t Lower the Bar"
November 9, 2015, 9:59 AM
CNN Resorts to Internet Censorship to Promote Clinton Over Senator Sanders
October 15, 2015, 2:47 PM
Breaking Bad: How to Crash Google's Chrome Browser With Just 8 Characters
September 23, 2015, 11:08 AM
Quick Note: Amazon UK Offers £10 Back on Any Order £50 or Over
August 3, 2015, 12:05 PM
Editorial: Reddit Allows Itself to be Hijacked as a Hate Platform For Racist Bigots
July 21, 2015, 6:32 PM
Most Popular Articles
5 Cases for iPhone 7 and 7 iPhone Plus
September 18, 2016, 10:08 AM
No More Turtlenecks - Try Snakables
September 19, 2016, 7:44 AM
ADHD Diagnosis and Treatment in Children: Problem or Paranoia?
September 19, 2016, 5:30 AM
Walmart may get "Robot Shopping Carts?"
September 17, 2016, 6:01 AM
Automaker Porsche may expand range of Panamera Coupe design.
September 18, 2016, 11:00 AM
Latest Blog Posts
Who is in Risk of Getting Oral Cancer?
Sep 23, 2016, 6:02 AM
France Bans Plastic Eating Utensils in Restaurants
Sep 18, 2016, 10:49 AM
Progress Against Acute Myeloid Leukemia
Sep 17, 2016, 5:30 AM
Apple Watch Series 2 - Number 1 in the Customer Satisfaction.
Sep 7, 2016, 6:19 PM
First Self-Driving Car debut on the streets of Singapore
Aug 28, 2016, 4:10 PM
More Blog Posts
Copyright 2016 DailyTech LLC. -
Terms, Conditions & Privacy Information