Washington Post - Nov-03-2009: What Windows Autorun Has Wrought (topic overview)
CONTENTS:
- The worm is still circulating, mainly in enterprises, said Vinny Gullotto, general manager of the Microsoft Malware Protection Center.
- Taterf, a worm that tries to steal online gaming credentials, was the second most prevalent threat family, detected by Microsoft on 4.9 million computers worldwide during the first half of 2009, the report states.
- Microsoft also sees an increase in malware that drops other threats, like Koobface and win32.chadem, a password stealer.
- "You want to make sure you have a firewall on your machine and run anti-virus software."
- Asked about expected information security threat trends for 2010, Kuo said: "Hopefully if we can get corporations to enact the recommendations we have surrounding network shares, that will take a big bite out of a worm's ability to spread in a corporate environment.
- Jeff Williams, principal architect of Microsoft's Malware Protection Center, attributed the rise to the investment cybercriminals are making in finding new vulnerabilities to exploit beyond buffer overflows, for example, which were the attack vector for many early worms.
- Microsoft's report also documents increased detection of password stealing and monitoring tools, which the report attributes to increasing malware attacks on online gamers.
- The best way to avoid worms, trojans, spyware and other malware is to switch to an inherently secure operating system, most notably Linux, BSD or Mac OSX. Their security derives largely from the fact that they are actually variants of UNIX, which was developed from the ground up as a secure operating system, rather than having feeble attempts at security tacked on as an afterthought.
- Fewer PCs were found to have been infected in the latest reporting period: 13.7 million versus 16.8 million computers for the second half of 2008.
- "The attackers' tactics may be getting more sophisticated, but fundamentally at the end of the day, you know that Microsoft.com is Microsoft.com.
- The advice to users is just plain boring because we've been saying it for years: Stay up to date on everyone's security updates and run updated AV on all machines.
- Spain and Korea saw the dominance of worms led by threats targeting online gamers.
- In addition to better communication among Internet service providers to block malicious Web pages, experts said, high-speed Internet connections improve security because people are able to more quickly download security updates and patches.
- Sixteen products have been tested using Windows XP Professional SP3 32bit computers.
The worm is still circulating, mainly in enterprises, said Vinny Gullotto, general manager of the Microsoft Malware Protection Center. Due to its password-cracking ability, if Conficker gets on one PC in a company, it can often then rapidly spread. Microsoft collects data on infections from its free security products such as Windows Defender, the Malicious Software Removal Tool (MSRT), Security Essentials as well as ones the company sells. Another worm -- called Taterf -- took the number two spot for the most infections at 4.9 million. Taterf steals authentication and account information for massively multiplayer online games such as World of Warcraft and Lineage, among others, and spreads through infected drives such as a USB stick or an infected network drive. [1] A new report by Microsoft shows that the two most prevalent threats to Windows PCs in the first half of 2009 were malicious programs that have been aided mightily in their spread by a decision by Microsoft to allow the contents of removable media -- such as USB thumb drives -- to load automatically when inserted into Windows machines. In its latest "Security Intelligence Report," Microsoft counted the number of threats detected by its anti-malware desktop products, and found that the Conficker worm, along with a Trojan horse program called Taterf which steals passwords and license keys for popular computer games, were detected on 5.21 million and 4.91 million Windows computers, respectively.[2] The Taterf worm has increased infections by 156 per cent over the past six months. According to the latest bi-annual Microsoft security intelligence report, the worm has moved from two million infections earlier this year to 4.9 million with the most recent analysis. It claimed that the 'Taterf' worm is infecting seven machines every hour in the UK, with it targeting multiplayer online role-playing games such as Rainbow Island and World of Warcraft.
Unbeknown to the online gamer, the worm steals their personal account information via a downloadable executable file. It targets both home and work computers, and is primarily designed to infect a machine's USB stick or similar memory drive that can then be transported into a corporate network and infiltrate from inside their firewall defences. The report stated that this is marking a resurgence of worms with infections doubling in the first half of this year, primarily due to the Conficker worm. This has seen worms becoming the second most prevalent threat category in the first half of 2009.[3]
Trojans, including rogue antivirus, remain the most commonly found threat on infected machines. Rogue AV is also declining somewhat: Microsoft cleaned up 13.4 million computers with rogue AV in the first half of this year, down from 16.8 million in the second half of 2008, according to the report. The biggest surprise was that the total number of reported vulnerabilities in the industry decreased by nearly 30 percent from the second half of '08, with fewer than 2,500 new vulnerabilities disclosed in the first half of this year versus over 3,000 in the last half of last year. "It's possible that the industry is getting better at writing software, but I wouldn't expect such a sharp decline," says Chenxi Wang, principal analyst for security and risk management at Forrester. "I think more likely this is a temporary decline. We'll have to wait and see whether this becomes a long-term trend -- I doubt it." The decrease in rogue security software was promising, but it's still a major threat, says Microsoft's Williams. He says the reduction is likely due to enforcement efforts by Microsoft, and the Federal Trade Commission going after the culprits who distribute the software. Microsoft cleaned up the TaterF worm from over 700,000 machines the first day it was added to the MSRT, and it has increased 156 percent, from 2 million infected machines in the second half of last year to 4.9 million this year.[4] SAN FRANCISCO — A Microsoft security report released Monday warns that cyber crooks are digging into computers for weak spots to penetrate with worms -- malicious software that steals control or data. Rogue security software remained the top hacker threat to computers during the first half of this year, but the number of infections was dropping while penetrations by worms doubled, according to the Security Intelligence Report.[5] In its latest Security Intelligence Report, Microsoft documents the doubling of worms in enterprises during the first half of 2009. 
The top threat in enterprise environments during the first half of the year was the Conficker worm, Microsoft says in its Security Intelligence Report [SIRv7], which covers the first six months of 2009. According to SIRv7, the number of worm infections in enterprise environments -- those running Forefront Client Security -- doubled from the last half of 2008 through the first half of 2009. During this period, worms rose from fifth most commonly encountered threat category to the second. Among home PC users -- those protected by Windows Live OneCare -- worms are not nearly as much of a concern.[6] The Conficker worm continues to be one of the most prevalent threats facing PCs running Windows, according to a new security report published by Microsoft. For the first six months of the year, Microsoft found that more than 5 million computers were infected with Conficker, according to its latest Security Intelligence Report.[1] High-profile examples include the Conficker worm, which has infected millions of Windows PCs since it surfaced late last year, giving the people behind it potentially malicious connections into computers around the globe. Information about detecting and removing the Conficker worm is available on this Microsoft site. Microsoft has long been criticized for the lackluster security of Windows and other products, but improvements in its software development process have helped noticeably in recent years. Among other things, better Windows security contributed to a reduction in the prevalence of worms in recent years, prior to this latest report, said Jeff Williams, principal group program manager in Microsoft's Malware Protection Center.
"We see in this resurgence not only that the prevalence is much higher than it has been in previous periods, but that the mechanism for it to propagate has changed, as well," Williams said in an interview.[7] CSO - Microsoft caused the IT security community more than a little heartburn when it included fixes for the barely-out-of-the-box Windows 7 in its October 2009 Patch Tuesday security update. Jimmy Kuo -- principal architect for Microsoft's Malware Protection Center -- has high hopes that Windows 7 will ultimately be seen as the major turning point where malware writers finally met their match. In the following Q&A, Kuo talks about the top takeaways from the latest Microsoft security intelligence report and why he believes Windows 7 will ultimately shut the door on a lot of the malware activity outlined this year. A note on the report: Microsoft's conclusions are based on data being reported back from its Malicious Software Removal Tool (MSRT), which is on 450 million computers; Bing, which performed billions of Web page scans during the past six months; Windows Live OneCare and Windows Defender, which runs on more than 100 million computers; and Forefront Online Protection for Exchange and Forefront Client Security, which scans billions of e-mail messages a year.[8] Computer worm infections, on the other hand, surged upward. The report covers the first six months of 2009 and is based on data collected from more than 450 million computers running Microsoft's Malicious Software Removal Tool (MSRT), users of its cloud-based security services Forefront Online Protection for Exchange, antimalware visibility into Hotmail and Windows Messenger, as well as Web crawlers on its Bing search engine.[9] There was a decrease in rogue security software, malicious programs that pop up and infect computers under the guise of removing viruses and spyware.
Those are among the findings released this morning by Microsoft in its seventh Security Intelligence Report, which compiles data and spotlights trends gleaned from the company's Malicious Software Removal Tool, scanned Hotmail messages, Windows Live Messenger trends, and other programs offered by the Redmond company. Worms can propagate by themselves, spreading across the Internet by exploiting software vulnerabilities, as opposed to Trojan downloads and other exploits that require the user to take a specific action such as clicking on a dialogue or visiting an infected site.[7] "Microsoft is not only committed to providing security intelligence for our customers and the community, but the most accurate and comprehensive view of the realities of the threat landscape." Microsoft gathers data for its threat report from a number of sources, including its malicious software removal tool, which is installed on around 450 million computers worldwide, its search engine, Bing, which performs billions of webpage scans, and its antivirus solution, Windows Live OneCare.[10]
Windows 7, the latest addition to the family of operating systems from Microsoft, was not included in the report, which covers the first half of 2009 (1H09). Another common threat listed in the report was Microsoft Office file format exploits, which targeted versions of Office which did not have the latest service pack updates applied. Most of those attacks targeted Office 2003 users. The data presented in the study were gathered from Microsoft's security products such as Windows Defender, the Malicious Software Removal Tool (MSRT), or the recently released Security Essentials.[11] On a slightly positive note, the phenomenon of rogue or bogus security software appears to have peaked, with detections down from 16.8 million in the second half of 2008 to 13.4 million in the period covered by SIRv7. It is still the largest category of threat for the first six months of the year, but is on the way down, at least for now. Do such figures hold much water? Microsoft's figures can probably be trusted. The company draws its statistics by scanning real PCs across the world using its burgeoning empire of online services, including the Microsoft Malicious Software Removal Tool (MSRT), Windows Live OneCare and Windows Defender (now succeeded by the free Security Essentials program), as well as scans of its Bing search engine. The installed base of those tools is huge, and will doubtless increase as the Security Essentials program spreads in popularity.[12] Japan, for example, runs the Cyber Clean Center, which is a collaborative project between ISPs, major security vendors and the government to educate users about PC security.
Information contained in the report was gathered through a number of reporting mechanisms, including users of Microsoft's Malicious Software Removal Tool, which runs on 450 million PCs across the world; its search engine Bing, which scanned billions of web pages during the time period; Windows Live OneCare and Windows Defender, running on more than 100 million PCs worldwide; Forefront Online Protection for Exchange, which scans billions of emails every year; and Hotmail, which has hundreds of millions of active users.[13] The report comprises information gleaned from scans using Microsoft's Bing search engine, and data from the Forefront Protection for Exchange cloud service, as well as Live OneCare and Windows Defender products and the Malicious Software Removal Tool (MSRT) which runs on 450 million PCs worldwide.[14]
This was behind the miscellaneous trojans category, which remained the top threat category from six months ago. This is according to the latest Microsoft security intelligence threat report, its twice-yearly findings from worldwide data taken from Bing, Windows Live Care and Defender, Forefront, as well as its Malicious Software Removal Tool (MSRT).[15] Version 7 of Microsoft's Security Intelligence Report (SIR) -- which drew its data from over 450 million Windows PCs worldwide from January to June 2009 -- found that worms are now the number two threat, behind Trojans, and up from the number five slot in the second half of 2008. "We're seeing a resurgence of worms: they've risen by 98.4 percent," says Jeff Williams, principal architect for Microsoft's Malware Protection Center. "This is due to Conficker and TaterF, a lesser known worm but almost as prevalent as Conficker."[4] The volume of worm infections exploded in the first half of 2009, compared with the second half of 2008, according to Microsoft. In volume seven of the Microsoft Security Intelligence Report (SIRv7), the Redmond company indicates that Conficker and Taterf have made worm infections second only to those caused by miscellaneous Trojans. According to the software giant, worms such as Conficker and Taterf are designed to exploit unsecured file shares, as well as infect removable storage devices, while spreading from one machine to another.[16] Microsoft's seventh annual Security Intelligence Report has revealed that worm infections in the enterprise rose nearly 100% during the first half of 2009 compared to the preceding six months. Redmond identified Conficker as the most prevalent worm detected in the enterprise, primarily because its method of propagation works more effectively within a firewalled network environment, Microsoft said. Consumers are not at great risk from Conficker because they are much more likely to have automatic updating enabled, said Microsoft.[13]
The latest Microsoft Security Intelligence Report (dubbed SIRv7) has been released, and while rogue security software was the "single largest threat category for the first half of 2009," the real news relates to worms.[17] Microsoft has just released its Security Intelligence Report volume 7 (SIRv7) for the first half (H1) of 2009 exploring the most prevalent information security threats - malware and rogue security software.[18]
Microsoft detected that 20% fewer customers were affected by rogue infections during the past six months. On the decrease was the threat from the Zlob family of Trojans, which found its way onto PCs after being hidden in fake anti-malware software. Disinfections of this scareware fell from a high of 21.1 million in 2007 to just 2.3 million during the first six months of this year. Microsoft says this is evidence that the battle against Zlob is being won. This year's Security Intelligence Report also features best practice guidelines from countries where malware seems to be a much smaller problem.[13] Microsoft today released its biannual Security Intelligence Report which demonstrates some surprising conclusions about the threat landscape impacting enterprise networks. The number of rogue security software infections, a high-profile scourge earlier this year, was down, as was the number of Trojan and downloader infections.[9]
Akif suggested the amount of global rogue security software has decreased since Microsoft's last Security Intelligence Report in part because of Internet Explorer 8's SmartScreen technology. This technology considers Internet URL reputations, so if a URL is deemed to be malicious, the URL will be blocked from the end-user's machine, he said. According to this season's volume seven Security Intelligence Report, seven out of the top 10 threat families in Canada are malware, while three are potentially unwanted software. 'Consumers in Canada are becoming more aware (of these threats),' Akif said. 'But we still have to do more on the SMB front because this sized business is often the hardest hit in any economic situation.'[19] The findings of the report signal that there's still a lack of global market awareness around the security and threat landscapes, Akif said. Microsoft released the results from its Security Intelligence Report, version six back in April and at that time, Akif noted that the biggest threat increase, worldwide, is with rogue security software. Rogue security software is usually advertised to users as a free software trial, giving users the option of purchasing a 'complete' version of the product, when in fact, it's fake security software. Once users input their personal and financial information, attackers have the ability to steal things like credit card information and individual identities.[19]
Rogue security software, known as "scareware", is also viewed as a major threat. Scareware tricks people into downloading what they believe to be legitimate antivirus software onto their computer, but it in fact contains the viruses, Trojans and worms they are trying to protect against. "It's been said that knowledge is power and when it comes to security intelligence, lack of accurate information can be detrimental to separating real threats from hype," said Vinny Gullotto, general manager of the Microsoft malware protection centre.[10] For Windows Vista SP1, the infection rate was 61.9 percent less than Windows XP SP3, according to the report. "It's been said that knowledge is power and when it comes to security intelligence, a lack of accurate information can be detrimental to separating real threats from hype," said Vinny Gullotto, general manager of the Microsoft Malware Protection Center, in a statement.[20]
The prevalence of rogue security software, or malicious applications that masquerade as antivirus utilities, dropped slightly from January to June over the previous six months, the report states. Unfortunately, cyber criminals have gotten better at including extra malware in such rogue applications. "The result is that, from a criminal perspective, they're able to monetize in two ways instead of one," said Jeff Williams, principal architect for Microsoft Malware Protection. "And from a user perspective, they have double the infection."[21] Malware makers, the criminals responsible for viruses and worms, have become increasingly organized and sophisticated, according to a Microsoft security report that was released today. Gamers, the gullible, USB drive users, and people who don't patch their PCs are their biggest targets. Cybercriminals are organized like corporations, and follow regular software release cycles, said Jeff Williams, principal group program manager for the Microsoft Malware Protection Center: "They are working for monetary gain."[22]
"We still see rogue security software in high volume but not on the rise," Microsoft Malware Protection Center principal architect Jeff Williams told AFP. "What is on the rise is resurgence of worm activity, particularly Conficker and Taterf."[5] Jimmy Kuo, principal architect from the Microsoft Malware Protection Center, said that Microsoft has seen a resurgence of worms emerging from near-extinction to currently account for about one-sixth of Internet threats affecting the enterprise. Enterprise PCs are much more likely to become infected by a worm, such as Conficker, than are home computers running OneCare, Microsoft's now-defunct antivirus offering, due to interconnected networks, an increasing reliance on USB sticks, and other portable media to transfer work to and from the office. One worm, known as Taterf, has surfaced as a major threat, specifically designed to steal online gaming credentials and game scores from online games such as World of Warcraft, and to spread via an infected USB stick or network drive, executives said.[23] Like Conficker, it spreads via Microsoft's Autorun feature, for instance. "It has hit enterprises fairly hard because of the proximity of networks in that environment," Microsoft's Williams says. "It spreads through drives. People play games at home, where they don't necessarily have enterprise protections. Then they shuttle information or files or programs of their own on removable media, like a USB key," which then infects their work machines as well, he says. "TaterF has a malicious payload from the get-go," he says. Conficker, meanwhile, was still ahead of TaterF this year so far, with 5.2 million infected machines. 
Microsoft also reported that Trojan downloaders have dropped -- namely Zlob, which at its peak had infected 21 million machines, but as of the first half of '09, was found on only 2.3 million machines.[4] Why? Kuo: In the first half of 2009, worms rose from fifth place to become the second-most prevalent threat category in the latest report -- a 98.4 percent increase. Worms rely heavily on access to unsecured file shares and removable storage volumes, both of which are plentiful in enterprise environments. What were some of the more pervasive malware threats? Kuo: Conficker was the top worm threat detected for the enterprise, because its method of propagation works more effectively within a firewalled network environment. Taterf targets massively multiplayer online role-playing games and has increased 156 percent from 2 million last year to 4.9 million in this year.[8] The report concludes that worm infections in enterprises (firewalled network environments) approximately doubled in H1 2009, compared with H2 2010. Microsoft underlined that Conficker and Taterf had by far been the most detected worm families in the first half of this year.[16]
Long dismissed as a security scare of the past, Internet worms appear to have made a strong comeback, jumping to take the top two places on Microsoft's latest threat list. According to Microsoft's latest Security Intelligence Report (SIR) Volume 7, which covers the period from January to June 2009, old-style mass-infection worms have doubled between the second half of 2008 and the first half of this year.[12] The most commonly encountered threat category for businesses was Miscellaneous Trojans, which includes rogue security software. While rogue security software continues to present a risk, Microsoft says that 20% fewer customers were affected by it in the first half of this year compared to the second half of last year.[6] Frankly, I'm surprised that Microsoft kept Autorun as the default option for as long as it did, given the company's Trustworthy Computing security initiative, launched in January 2002 with a memo from Chairman Bill Gates that memorably stated, "When we face a choice between adding features and resolving security issues, we need to choose security." On a more positive note, Microsoft found that the number of infections associated with rogue security software fell to 13.4 million in the first six months of this year, down from 16.8 million in the latter half of 2008.[2]
Talk about the data that led Microsoft to that conclusion. Kuo: We detected and cleaned rogue security software off of 13.4 million computers. That's down from 16.8 million last year, but it's still a significant threat. Known as scareware, this stuff takes advantage of customers' desire to keep their computers protected. A box will appear warning the user that their computer has been infected and they must download the given program to clean it up. The user OK's the download, and that's when they become a victim.[8] The report also claimed that Microsoft has detected and cleaned 13.4 million computers of rogue security software, down from 16.8 million, which it called 'an improvement, but still a significant threat'.[3]
"The worm family Taterf is an interesting case," the report states. "It targets massively multiplayer online role playing games, which are not common in the workplace, but the techniques it employs (such as infecting removable drives) make it spread more effectively in enterprise environments." Rogue security software is still a significant threat, though it was down somewhat this year.[24] Cliff Evans, head of security and privacy for Microsoft UK, said Conficker has had a "certain amount of success" in infecting machines. "That's generated a lot of coverage, which is obviously picked up by criminals who wanted something themselves," he said. "They are about looking to make money out of this, so they are looking for the most effective method," he added. The second biggest software family was a worm called Taterf, which targeted massively multiplayer online role-playing games (MMORPG). This increased by 156 per cent, from two million in the last report to 4.9 million in the latest one.[15] The Microsoft Security Intelligence Report found that known cases of the Taterf worm had risen by 156 per cent since the second half of 2008 to 4.9 million, with massively multiplayer online role-playing games, such as World of Warcraft and Legend of Mir, a key target for virus writers.[10] Taterf is now at the number two spot for computer worms worldwide with 4.9 million infections, according to the newly released Security Intelligence Report from Microsoft.[11] The number of worm infections worldwide has doubled since the end of 2008, wreaking havoc primarily on enterprise environments, according to the seventh volume of Microsoft's Security Intelligence Report released Monday.[24]
While Volume 7 of Microsoft's Security Intelligence Report found that Trojans were the top malware threat for U.S. enterprises during the first six months of 2009, Microsoft also noted a jump in the prevalence of worms.[20]
The data was obtained through Microsoft's security products, Hotmail, and Windows Update, Williams said. "It shows differences from region to region, and provides a comprehensive view of the threat landscape." Globally, Microsoft found that the number of trojan downloaders has fallen markedly over the past year; although, they did remain the most common threat. That gain was offset by a rise in instances of worms, password stealers and monitoring tools, according to the report.[22] The next version of the report will include data from the company's new free antivirus product, Microsoft Security Essentials (MSE), according to Microsoft's Williams. "It will be interesting to see the next version of this report since Microsoft will have data from its free Security Essentials product as well as some information about Windows 7," Directions On Microsoft's Retallack says.[4] When Microsoft announced Microsoft Security Essentials, its new free antivirus software designed to replace Windows Live OneCare, it was treated with contempt by the vendors of both other free antivirus software and the paid-for security suites. A recent testing of the most popular antivirus products placed MSE on a par with the paid-for products and above its free competitors.[25]
After a brief period of public beta testing, in which the product gained a resoundingly positive reception, it was finally released as a full product late September. A couple of weeks later came evidence that MSE had already proved its worth, with 2.6 million people having downloaded the product and it making four million infection detections in the first week. It isn't just users who are impressed with the software Microsoft is offering, with a new study into the effectiveness of several antivirus products rating MSE very highly. According to Ars Technica, AV-Comparatives tested 16 security products, both free and paid-for.[25]
The report says that because of Microsoft's SmartScreen Filter, which offers phishing and malware protection in Internet Explorer 8, the amount of Miscellaneous Potentially Unwanted Software detected rose from 35% in the second half of 2008 to 44% in the first half of 2009. Microsoft saw the percentage of computers cleansed of malware in this category drop from 22.8% to 14.9%. Based on these statistics, the report concludes that Microsoft's security measures are stopping malware before it gets downloaded. Along similar lines, Microsoft's self-assessment of vulnerabilities in its operating systems suggests that the company's commitment to security is paying off.[6] Security breaches from hacking or malware incidents remain less than 15% of the total. Despite the 'miscellaneous potentially unwanted software' category increasing from 35% of malware impressions in the second half of 2008 to 44.5% in the first half of 2009, the percentage of computers cleaned decreased from 22.8% to 14.9% suggesting that "SmartScreen and similar technologies may be successfully intercepting these threats before they are downloaded to computers", Microsoft said.[18]
The worldwide prevalence of computer worms, self-copying malware that spread most commonly through e-mail, more than doubled during the first half of 2009, according to a new Microsoft security report (PDF).[21] In an analysis of the top security threats during the first half of 2009, Microsoft's findings show the importance of having sound guidelines governing thumb drives and connecting to corporate networks from machines outside the enterprise. According to Microsoft, both Conficker and another notorious worm took advantage of poor policies around USB devices to spread. In its biannual snapshot of the security landscape, Microsoft has uncovered a resurgence of worms that underscores the importance of having sound security guidelines for removable USB devices accessing corporate networks.[20] "If you have a home network affected, that's two or three machines, but if you have a corporate network, it could be 50 000 machines and so the count dramatically increases whenever you have a worm infecting a company", Kuo said. "The worms that are responsible for this drive include Conficker, AutoRun, Hamweq and Taterf. The combination of these worms account for one sixth of these threats encountered by the enterprise." Kuo said they all have the ability to utilise shared resources such as drives and servers. They can for example spread from a USB memory stick through the auto play setting on many computers. "Because of that commonality Microsoft did a change to the operating system so it will only take such action such as auto play on media that's likely to be read-only."[18]
The company claims Taterf infections have risen by more than 150% since the second half of 2008, and that companies are suffering as a result. "It's a family of worms that has the target of getting your credentials," Microsoft's UK head of security, Cliff Evans, told PC Pro. "It will spread within the enterprise - it's brought from home into work." Evans said companies need to tighten access to file shares and removable storage volumes, such as USB thumb drives, to avoid infection.[26] According to the previous Security Intelligence Report, more than 17 percent of infections in the second half of 2008 were by malware that can spread via AutoRun. In April, after the third version of Conficker became front-page news and even fodder for a feature story on 60 Minutes, Microsoft announced that its AutoPlay function would no longer support AutoRun for USB drives.[2]
On average, seven UK computers were infected by a worm every hour during the first half of 2009, the Microsoft Security Intelligence Report said.[27] The prevalence of worms jumped 98.4 percent since Microsoft's last Security Intelligence Report. Worms called Win32.AutoRun and Win32/Hamweq accounted for 16.7 percent of those Microsoft detected on computers using its anti-malware products, Williams said.[21]
Microsoft released the latest volume of its Security Intelligence Report (SIR) Monday, a semi-annual study evaluating the security threat landscape and malicious and unwanted software, based on data gathered from 450 million machines.[23] Today Microsoft is releasing their Security Intelligence Report, Volume 7, covering the period from January to June, 2009. The SIR is based on telemetry gathered by Microsoft from a variety of sources, from the Malicious Software Removal Tool to their Forefront and Security Essentials anti-malware solutions, the anti-virus in Hotmail, to link scanning in Messenger and Bing. It seems like we see nothing else at times, but Microsoft is actually seeing a relative decline in rogue anti-malware.[28] Malware was detected on about 10 U.S. computers for every 1,000 executions of Microsoft's Malicious Software Removal Tool. Williams said Microsoft communicated with security monitors from the world's least-infected countries including Japan, Germany, Finland and Austria to find out what they're doing right.[21] Win32/Zlob trojans, often posing as downloadable media codecs, fell almost tenfold from a peak of 21.1 million to 2.3 million disinfections recorded through Microsoft's Malicious Software Removal Tool (MSRT) in the first half of 2009. Kuo said Microsoft kept adding signatures that would address all the variants of the trojans, and in the end, a message appeared in one of the Zlob variants where the malware authors acknowledged Microsoft's effort, and that they would give up.[18]
Looking at rogue security software, Kuo said the first half of 2009 saw 13.4 million computers detected and cleaned of rogue security software, down from 16.8 million in the second half of 2008.[18] 'In the last six months, rogue security software was detected on 13.4 million computers (around the world), which was down from 16.8 million compared to the second half of last year,' Akif said.[19]

Taterf, a worm that tries to steal online gaming credentials, was the second most prevalent threat family, detected by Microsoft on 4.9 million computers worldwide during the first half of 2009, the report states. [24] The now-notorious Conficker worm was the most prevalent individual threat family overall, detected by Microsoft on 5.2 million computers during the first half of 2009.[24]
Microsoft removed phony AV programs from 13.4 million computers in the first half of 2009, compared to 16.8 million in the second half of 2008, according to the report.[24]
Of all categories, Internet worms experienced the highest rate of growth, rising from the fifth-most prevalent threat during the second half of 2008 to second place during the first half of 2009, according to the Microsoft SIR report.[23] Internet worms experienced a resurgence in the first half of 2009 -- almost doubling in volume over the previous six months, according to a new Microsoft report.[7]
The number of worms had been falling in the first half of 2006 and 2007 but jumped back up by the end of 2008 and the first half of 2009. Predictably, the Conficker worm was the biggest driver for this increase, coming as the number one malware software family detected by Microsoft.[15]
Despite the rise in worm attacks, the biggest threat category according to Microsoft is from rogue security software, known as scareware. Scareware works by informing the user that they have a virus on their machine and tricking them into paying for software to get rid of it, which turns out to be infected with more malware.[13] Phishers continued to target a wider range of Web sites than in the past, homing in on online gaming portals and major corporations, Kuo said. Despite anecdotes that seem to point to the contrary, Microsoft's researchers noticed a 20 percent decline in rogue security software -- bogus antivirus software that claims to clean a user's system but instead is designed to scam users out of money, install malware or both. Rogue security software generally pesters users with pop-up alerts or ads, indicating that there is malware on their system even when there isn't.[23] Rogue security software "will still play a major role", Kuo said, but with the SmartScreen filtering in Internet Explorer 8 and the launch of free Microsoft Security Essentials, the defences have been reinforced.[18] Six of the sixteen security software programs received an Advanced+ rating. Among them was Microsoft's Security Essentials product, which was also the only free product to score the highest rating and one of three that scored a Good rating in the two tested fields, removal of malware and removal of leftovers.[29] Microsoft Security Essentials (MSE), the free anti-virus software released by Microsoft, has got good reviews so far. This is a free product and it may not have all the bells and whistles you get from the commercial products, but it scores well in malware removal tests conducted by AV-Comparatives.[30]
The results, as seen above, were divided into 'Removal of malware' and 'Removal of leftovers', with the antivirus software then giving a rating based on their performance in the test. Symantec, eScan, and Microsoft Security Essentials were the only products to get Good ratings in both categories. Those three, along with F-Secure, Kaspersky, and Bitdefender were awarded Advanced+ ratings.[25]
Businesses should establish security protocols for removable media drives, and have new arrivals automatically scanned for malware, Microsoft recommends. "The criminals out there are becoming more overt, more malicious and more direct in their attacks," Williams said. "That emphasizes the need for multi-layer protections. It is great we have anti-virus software to remove the threats, but clearly it is better to prevent the threat from getting in."[5] 'During this period, had an almost identical threat footprint to Conficker in terms of number of infection machines, yet we hardly ever hear about it,' said Jeff Williams, principal group program manager for the Microsoft Malware Protection Center. 'I think enterprises dismiss it as not applicable to them' due to their policies against online games, he said.[20] Scareware numbers were also in decline; 13.4 million infections for this report, compared to 16.8 in the last. Scareware relies on social engineering to spread; users visiting a malicious or infected website would be presented with a pop-up claiming that the user's machine has been infected and that they should download protection from the pop-up. Williams conceded this is primarily a consumer problem. He said the decline in numbers can be attributed to a couple of fronts: legal action by the Federal Trade Commission to take down Innovative Marketing, a purveyor of the WinFixer family of scareware, and the deployment of the SmartScreen filter in Internet Explorer 8 which blocks phishing sites as well as attempts to install rogue malware.[9]
An absence of legislation and the presence of the laissez-faire attitude has resulted in Canada being rather lax when it comes to information security compliance. Just as social networks such as Facebook are seeing advertisement targeted depending on users' settings and geographical location, so could malware and other threats be targeted specifically, said Stefan Tanase, senior security researcher at Kaspersky Lab, Romania, at the ISSE 2009 conference on 7 October. The latest quarterly IT security report from PandaLabs says that malware writers are breaking all established records when it comes to developing new ways of infecting internet users' computers with malware and generating income from them.[18] In addition to stealing the user's personal information, worms can spread on removable USB sticks and attack all the computers on a work or home network. Microsoft's global head of security, Vinny Gullotto, told Sky News there are a range of ways gamers and web users can protect their computers. He warned "new variants show up all the time," but described Taterf as "pervasive". "You want to make sure you always stay up to date, keep your applications up to date," he said.[27]
Online role-playing games are increasingly being targeted by virus writers to spread worms and other malicious software, according to the latest security report from Microsoft.[10] Microsoft's recommendations include downloading and installing regular security updates, and running security software. The company also says corporate IT departments should develop policies for file sharing and removable drives that can make malware spread more easily. Download the full report on this Microsoft page.[7] Worms are programmed to replicate themselves, wriggling from machine to machine by hiding in legitimate applications or piggy-backing on USB drives or other portable data storage devices. Rogue security software, or "scareware," typically spreads by tricking people with pop-up boxes bearing bogus alerts that their machines are infected.[5]
Users are compelled to then submit credit card information in exchange for fake antivirus software, which is typically ineffective at best and malicious at worst. Kuo attributed this decline, in part, to program enhancements in Vista and subsequently Windows 7 that can detect and block the phony software, although he maintained rogue security software still remained one of the top security threats.[23] In worldwide information security threat trends, Microsoft found that trojans, including rogue security software, remained the most prevalent category.[18]
The e-mail, in broken English allegedly from "Russia," complimented Microsoft on responding quickly to the threats. It's just a small victory, as there are plenty of other security problems. Fake antivirus programs are among those. The programs, which look like legitimate security software but do not work, badger people with pop-up menus saying their computer is infected.[1] The primary motive behind rogue security software is financial gain, Akif said. While the number of detected computers with rogue security software decreased in the past six months, compared to the last survey, Akif said this is still a serious threat to users.[19] The number of rogue security software instances detected or cleaned dropped from 16.8 million in the last report to 13.4 million, but scareware still represents a significant threat, the report said.[14] The report says rogue security software was the single-largest threat category for the first half of 2009.[8]
The latest edition of Microsoft's six-monthly security reports covers the first half of the year.[31] Worms rose to become the second most common type of threat in Microsoft's latest report, compared with a previous fifth-place ranking for the second half of last year.[7] Worm attacks increased by more than 100% in the second half of 2008, and are now the second biggest threat category behind Trojans. The worm resurgence was largely down to the infamous Conficker, which wreaked havoc across the world earlier this year. Microsoft warns a second worm called Taterf, which targets massively multiplayer online role-playing games (MMORPGs) such as World of Warcraft, is also doing damage.[26] The identity of the most common worm, Conficker, should come as no surprise. The second most prevalent worm, however, was Taterf, which targets passwords for online games. According to Microsoft, detections of Taterf rose 156 percent during the first half of 2009 over where they stood during the previous six months.[20]
Microsoft said phishing impressions rose "significantly" in the last period - primarily due to an increase in phishing attacks targeting social networking sites, which saw a quadrupling in May. Looking at email traffic and spam, Microsoft said its Forefront Online Protection for Exchange (FOPE) blocked 97.3% of all messages received at the network edge in the first half of 2009, up from 92.2% in the second half of 2008.[18]
Worms were the second most prevalent information security threat in the first half of 2009 having risen from fifth place in the second half of 2008.[18]
Microsoft: Worms Are Most Prevalent Security Problem. The Conficker worm continues to be one of the most prevalent threats facing PCs running Windows, according to a new Microsoft report.[1] Microsoft SA's head of Windows business says the company has added a number of security updates to Windows 7. Microsoft has increased security for its latest operating system, Windows 7, which was rolled out late last month. Microsoft conducted its largest security update in late October, with 13 patches that fix a total of 34 vulnerabilities; 22 of those vulnerabilities being critical. According to security experts, Windows is claimed to be the most popular target for cyber criminals and malware attacks such as viruses, Trojans and worms.[32] To counter the surge of Internet worms, Kuo said Microsoft incorporated a feature in Windows 7 that will only download information onto CDs, or DVDs, and will stop short at transferring information onto thumb drives. "This new behavior will curtail a lot of spreading behavior of these worms," Kuo said, adding that the feature was specifically designed to prevent the spread of worms and not control piracy or enforce copyright laws. "We expect that number to go down, so this is really heartwarming to those of us who are waging this war to continually recognize we have had some effect."[23] One update, rated as critical, addresses a security loophole in Internet Explorer 8 running under Windows 7. Erasmus says: "As technology evolves, security exploitation opportunities become apparent and Microsoft works hard to close these doors to would-be hackers. In Windows 7, we have specific features such as network location to protect users from accidentally sharing out information."[32]
In late August, Microsoft released a patch that similarly disables Autorun on Windows XP, Vista, Windows Server 2003 and Server 2008 systems. This patch does not appear to have been pushed out through Microsoft's Automatic Updates or Windows Update, so if you'd like to install it, you'll need to visit this link and download the appropriate version for your operating system. Users who install this update will no longer receive a setup message that prompts them to install programs that are delivered by USB thumb drives. Wilders Security Forum has a nice writeup on this patch, and offers some harmless sample code to test whether your Windows box has this feature enabled.[2] While the test certainly does not make Microsoft Security Essentials the best free antivirus software that is currently available as Lee described it over at the Download Squad it certainly can be seen as an indicator that Microsoft has delivered a quality software program for the Windows operating system.[29] Product review: Microsoft Security Essentials : Microsoft Security Essentials, the long-awaited replacement for the Windows Live OneCare package, is finally with us. VB's test team put Microsoft's new free home-user package through its paces, declaring it to be pretty decent overall. VBSpam comparative review : This month's anti-spam comparative review saw another increase in the field of competitors with 14 products taking their place on the test bench.[33]
Data was collected from Windows Defender, the Malicious Software Removal Tool (MSRT) and Security Essentials as well as its enterprise Forefront security products, among others.[23] ESET, Sophos, AVG, McAfee, Avast, AVIRA, and Trustport were rated Advanced; Norman, and G DATA were rated as Standard; Kingsoft was Tested. This is a great result for Microsoft because it puts MSE on a par with the best paid-for products and ahead of both paid-for and free alternatives. Microsoft Security Essentials is still not perfect but it's clearly a solid product that will do as good or better a job at protecting your system as a host of other security suites.[25] MSE is the only free anti-virus which got the Advanced+ rating, other free anti-virus software like AVG, Avast got the Advanced rating. Microsoft Security Essentials beat other free competitors AVG, Avast and Avira in these tests.[30] Be it security software from Kaspersky, Symantec, Trend Micro, AVG, Avira or Avast: Everyone seems to have a favorite that gets recommended to other users who inquire about the best antivirus solution. Lately, Microsoft has joined the ranks of recommended antivirus solutions with its security software Microsoft Security Essentials.[29]
The good news is fake security software (or scareware) is in decline, with infections sloping off by a fifth since last year. "There's less of it than there was," said Evans, who claims security companies are now better at detecting the rogue software than they were previously. Microsoft says it will continue to pursue the peddlers of such software, many of whom use Microsoft-like symbols and icons to hoodwink their victims. "They are very convincing," Evans said.[26] On the bright side, Microsoft recorded a tenfold decrease in Zlob disinfections, and rogue security software infections were down 20 percent.[17]
The latest test by independent security researchers AV-Comparatives is another confirmation that Microsoft has developed a solid security software for the Windows operating system.[29] For computers running Windows Vista, 84.5 percent of the browser-based exploits targeted third-party software rather than Microsoft's. Vista implemented an array of new security features designed to reduce its vulnerability to attack.[1] Microsoft is playing a game of multidimensional chess against an opponent that is profit-driven. Improvements in security have induced cyber criminals to exploit more complex software vulnerabilities, and those vulnerabilities have become the new chosen mechanisms for propagating worms, Williams acknowledged. "They left a note in a worm telling us that they would take more direct action in the future."[22] Security software, combined with increased industry and government cooperation, has helped Microsoft better protect customers over the past year, Williams said.[22] Malware has been increasingly targeting online gamers, and there has been a major uptake in fraudulent security software, Williams said.[22]
Criminals have also begun the practice of bundling malware, and making "pay for play" arrangements with one another, Williams said. Another trend Williams noted is the misuse of autoplay in Windows, and using removable media like USB jump drives as an attack vector to get inside of protected enterprise environments. Microsoft recommends that customers should use trusted anti-virus software, a Web browser with anti-phishing technology, and keep their operating systems up-to-date.[22] Many instances of Conficker, for example, were spread via infected USB memory sticks; Windows XP and Vista's autorun features would automatically execute the malware on an infected stick, and such sticks were often carried into a business from the outside. Those autorun capabilities have been muted in Windows 7, Williams said. Williams added that he believed the decline in Trojan and downloader infections is attributable to the advancements made in creating generic antimalware signatures not only for specific strains of malware, but for entire malware families.[9] Microsoft attempted to curb the spread of Conficker in October 2008 by releasing an emergency patch but was too late to stop the malware as it jumped from machine to machine by infected thumb drives and peer-to-peer networks.[23] Conficker and Taterf worms have reportedly wriggled into millions of machines. One of the troublesome ways both worms spread is by stowing away on thumb drives, which are becoming increasingly popular vehicles for people to move music, videos, games, files or other data between computers.[5] Taterf spreads by copying itself to the root of all fixed and removable drives on the infected system, ensuring it gets executed by creating an autorun.inf file. Despite its target of gaming, Kuo said the worm is often found in the corporate environment.
The reasons for this could be that employees are being infected at home on the same computer they do work from home at, and then infect the corporate environment when they plug in their USB stick to upload their work; or that employees stay after hours at work to play games.[18]
Although a worm targeting games may seem a consumer issue, Evans said that it could easily enter an enterprise network if employees were playing games in the workplace. "Organisations should be making sure that they are protecting themselves in terms of thumb drives, making sure they are being scanned, and making sure malware was up to date," he said. Evans said that it was difficult to know whether the worm trend would continue, but said it was more important that people took the right precautions to keep their computer secure.[15]
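As an added example (not taken from the Microsoft report or any of the quoted articles), one way to do the thumb-drive scanning recommended above is to look for an `autorun.inf` in a volume's root, parse it, and list the programs it would launch. The function names and the sample file are constructed for illustration; `open`, `shellexecute` and `shell\<verb>\command` are the standard autorun.inf launch keys.

```python
import os
import tempfile

# Keys in the [autorun] section that start a program.
LAUNCH_KEYS = ("open", "shellexecute")


def parse_autorun(text):
    """Return {key: value} for the [autorun] section (names are case-insensitive)."""
    entries, in_autorun = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def launch_commands(entries):
    """Pick out the entries that execute something, in file order."""
    return [(k, v) for k, v in entries.items()
            if k in LAUNCH_KEYS
            or (k.startswith("shell\\") and k.endswith("\\command"))]


def target_of(command):
    """Extract the program path from a command line (quoted or bare)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    return command.split()[0] if command else ""


def _find_ci(directory, name):
    """Case-insensitive lookup of one path component, as on FAT/NTFS."""
    try:
        for entry in os.listdir(directory):
            if entry.lower() == name.lower():
                return os.path.join(directory, entry)
    except OSError:
        pass  # unreadable, or not a directory
    return None


def resolve_on_volume(root, target):
    """Return the on-volume path of a relative target, or None if absent."""
    path = root
    for part in target.replace("/", "\\").split("\\"):
        if part in ("", "."):
            continue
        if part == "..":
            return None  # never follow a path that leaves the volume
        path = _find_ci(path, part)
        if path is None:
            return None
    return path if path != root else None


def audit_volume(root):
    """Report what the volume's autorun.inf would launch; None if it has none."""
    inf = _find_ci(root, "autorun.inf")
    if inf is None or not os.path.isfile(inf):
        return None
    with open(inf, "rb") as fh:
        data = fh.read()
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        text = data.decode("utf-16", errors="replace")
    else:
        text = data.decode("latin-1")
    launches = []
    for key, command in launch_commands(parse_autorun(text)):
        target = target_of(command)
        launches.append({"key": key, "command": command, "target": target,
                         "present": resolve_on_volume(root, target) is not None})
    return {"autorun_inf": inf, "launches": launches}


# Constructed sample for the demo; not taken from any real malware.
SAMPLE_INF = ("; constructed sample\r\n[AutoRun]\r\n"
              "open=data\\setup.exe /quiet\r\n"
              "shell\\open\\command=data\\setup.exe\r\n"
              "icon=folder.ico\r\nlabel=Photos\r\n")


def demo():
    """Build a throwaway directory that stands in for a drive root and audit it."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "data"))
        with open(os.path.join(root, "data", "setup.exe"), "wb") as fh:
            fh.write(b"placeholder, not an executable")
        with open(os.path.join(root, "AUTORUN.INF"), "w", newline="") as fh:
            fh.write(SAMPLE_INF)
        return audit_volume(root)


if __name__ == "__main__":
    for item in demo()["launches"]:
        print(item)
```

A launch entry whose target is present on the same volume is the case worth quarantining before the drive is opened on a machine that still honours Autorun.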

Microsoft also sees an increase in malware that drops other threats, like Koobface and win32.chadem, a password stealer. Some of the malware highlighted in the report, such as the taterf worm, are almost at Conficker volume levels, but nowhere near as famous. Microsoft argues that legal enforcement actions against the scareware merchants and the work of the FTC have been key in this area, as have some technological solutions like IE8's SmartScreen filter and, yes, even user education.[28] Conficker has driven the growth of worms as a malicious threat, according to Microsoft's latest report.[15]
Since Microsoft's last Security Intelligence Report, worms increased 98.4 percent worldwide. IT Pro notes that the Conficker worm was the biggest driver for this resurgence.[34] Microsoft says worms are making an unwanted comeback in its latest annual Security Intelligence Report.[26]
Microsoft Corp. (NASDAQ: MSFT) today released a new edition of its global Security Intelligence Report and Mohammad Akif, the company's national security and privacy lead for Canada, said more end-user education and awareness is still needed around the security and threat landscapes. The bi-annual report is now in its seventh version and the report findings span from January to June of this year.[19] The report compared the various editions of XP and Vista, showing as expected that there's a consistent pattern: the more recent your edition or service pack was released, the less likely your machine is to be infected. Surprisingly, however, every version other than XP's original release was more prone to infection this year than the previous six months, with XP Service Pack 2 showing the greatest increase. That could simply be down to so few people still using XP without any service packs that they are likely to be the type of people who spend little time online and run few applications. There is also a notable disparity between where security threats originate and where they have the most effects.[31]
Taterf spreads exclusively via Autorun. Together, these two threats accounted for more than 35 percent of the top 10 malicious software infections in the first six months of this year, Microsoft found.[2] Malicious software aimed at online banking was problematic in Brazil, while worms were a dominant threat in Spain and South Korea, Microsoft said.[1]
Worms, Trojans and rogue software known as 'scareware' continue to plague UK firms, but the UK is ahead of most of its global peers in protecting against such threats, according to the latest figures from Microsoft.[14]
Worms are now one of the biggest security threats facing businesses and domestic users, said Microsoft.[10] Microsoft is trying to call businesses to action to help thwart computer security threats, encouraging software use guides and internal threat modeling.[21] To combat that threat, Microsoft has delivered free security tools to developers, along with documentation on the steps that it takes internally to create secure software. Thankfully, other major software companies including HP and IBM have bought security firms, and are making efforts to secure their software.[22] Microsoft did see a decline of machines infected with Zlob, a notorious Trojan horse that spread by tricking people into believing it was actually a media codec, which is software used to encode and decode audio or video. Microsoft's free tools such as MSRT will remove Zlob.[1]

"You want to make sure you have a firewall on your machine and run anti-virus software." Another worm, called Conficker, targeted business users, affecting 5.2 million machines in the first half of 2009. [27] The rise appears to be down to only two main offenders, Conficker, and the second the less well-known but almost as significant, Taterf. The well-publicised Conficker showed up 5.217 million times during scans carried out by the company in the first half of this year, with Taterf not far behind on 4.911 million infections.[12] For the first half of the year, Microsoft saw only 2.3 million infections, dropping drastically from the 21.1 million infections the company counted for the same period a year prior. Gullotto said that Microsoft received an e-mail from the supposed creators of Zlob saying that they were now "closing soon."[1] Microsoft also tracked a tenfold decrease in infections from Zlob, a Trojan that masquerades as a video player plug-in. Redmond said Zlob infections fell from 21.1 million at its peak in 2007 to 2.3 million in the first half of 2009.[2]
Trojans were the most prevalent type of malware worldwide during the last half of 2008 and remained at the top of the list during the first half of 2009, the report states.[24]
The growth of Internet worms was propelled by the growing reliance on thumb drives and other removable media tools, which resulted in the emergence and rapid replication of the notorious Conficker worm at the end of 2008 and first half of 2009.[23] A Conficker worm that plagued the Internet at the start of the year was so pernicious that a task force to combat it was formed by computer software and security firms.[5] Worms are the quickest growing security problem for Windows PCs this year according to Microsoft. It comes as 'drive-by downloads' and adware become less of a problem.[31] Here are the definitions of Conficker and Taterf according to Microsoft: "Win32/Conficker: A worm that spreads by exploiting a vulnerability addressed by Security Bulletin MS08-067."[16] Taterf primarily targets massively multi-player online role-playing games, looking to harvest gaming credentials. It could be of concern in the corporate environment as it can transfer via USB keys brought in to the office and plugged into the corporate network, according to Microsoft. "In many ways it's the modern day version of an old boot sector virus," said Microsoft UK head of security Cliff Evans. "We'd recommend, in addition to automatic updates, firewalls and up-to-date anti-virus, that users never log into an account unless they're on a machine they trust, and don't download cracks or tips unless from a trusted server."[14] Cliff Evans, a senior security consultant at Microsoft, said that the Taterf virus used a variety of tricks to steal users' login information. Once hackers and cyber criminals had gained access to this data, they could sell the information on to a third party. "There's clearly a financial angle to it that makes it worthwhile," he told the BBC.[10]
"In the meantime, Microsoft continues to build a huge database of vulnerability information gleaned from many sources and from hundreds of millions of computers worldwide. That can only help improve security products such as the Forefront line."[4] The annoying messages only subside after buying the software for as much as $60. Microsoft continues to add detection for new families of rogue antivirus software in products such as Windows Defender and the MSRT, Gullotto said.[1]
Microsoft Security Essentials scored well in the testing: out of the sixteen anti-virus programs tested, only three programs (Microsoft Security Essentials, Norton and eScan) scored Good in removal of malware and removal of leftovers.[30] Erasmus adds that Microsoft is driving Windows Security Essentials, a free anti-malware service.[32]
The report, entitled, Microsoft Security Intelligence Report Volume 7, is based upon data collected worldwide from January through June 2009.[22] The seventh biannual Microsoft Security Intelligence Report, released today, is one of the most comprehensive on the market, as it uses Microsoft's extensive footprint on consumer and corporate desktops and the web.[14] The key findings from Microsoft's Security Intelligence Report Version 7 are available here (PDF).[2] Download Microsoft's key findings ( PDF ) for further results of the Security Intelligence Report v7.[21] In what some people might term as a case of Big Brother on steroids - or an in-depth anonymous analysis - depending on your viewpoint, Microsoft has published the latest version of its six monthly security intelligence report.[18]
"Microsoft is committed to providing not only security intelligence for our customers and the community, but also the most accurate and comprehensive view of the realities of the threat landscape."[20]

Asked about expected information security threat trends for 2010, Kuo said: "Hopefully if we can get corporations to enact the recommendations we have surrounding network shares, that will take a big bite out of a worm's ability to spread in a corporate environment. [18] We hope soon that worms will be curtailed." Kuo warned that if companies do not protect their network shares, worms could rise from their second place to a number one information security threat.[18]
The top information security threat for corporate environments was the Conficker worm, but in home environments, the worm did not even reach the top 10.[18]
The number one worm threat, which was detected mainly in enterprise environments, was Conficker with more than 5 million infected computers, according to the study.[11] Overall, Trojans are still the top threat type but no single Trojan achieved numbers as high as either worm, with the nearest, Renos, on 3.323 million infections.[12] More than 4.9 million have been hit by the worm Taterf in the last six months, a rise of 156% compared to the previous six months. Worm attacks have doubled while other threats, such as some Trojans and Adware, have decreased.[27]
Despite the resurgence of worms, Trojans remained the top malware threat for enterprises in the United States, as well as the United Kingdom, France and Italy. In China, many of the most prevalent malware families are Chinese-language threats that don't appear in the list of top threats for any other location, such as the browser modifier Win32/BaiduSobar, the report notes.[20] Microsoft warned that, unlike home users, enterprise IT environments were more exposed to the threat presented by worms because of unsecured file shares and removable storage.[16] Home users were less badly affected by the worm, because personal computers are more likely to have automatic security updates in place, patching against threats.[10]
Automated scareware blocking in Web browsers and efforts by law enforcement agencies to crack down on companies peddling rogue security software has helped curb the threat.[5] Miscellaneous Trojans, including rogue security software, remained the most prevalent category.[23] In a previous interview with CDN, Symantec Corp. executive, Marc Fossi, the executive editor and manager of security response for Symantec, said based on Symantec's research, the company has detected more than 250 distinct rogue security software programs around the world.[19]
Data tainting for malware analysis - part two : Continuing the three-part series on the use and advantages of full virtualization in the security field, Florent Marceau looks at the limitations of the technology. Detecting bootkits : Alisa Shevchenko and Dmitry Oleksiuk decided to find out whether anti-virus software has learned to cope successfully with Mebroot and MBR infectors in general a few years after the first appearance of this type of malware.[33] IDC discusses the growing internal threats to business information, the impact of government regulations on the protection of data, and how enterprises must adopt database security best practices.[12] Find pathways to security solutions, possibly peace of mind about your information security. Learn how companies are using innovative technology to overcome these challenges and improve user productivity by offloading e-mail attachments and replacing FTP with. This Taneja Group Solution Profile identifies the data protection optimizations available in the VMware vSphere environment.[8]
Microsoft's security report is based on data from "billions of scans a day" in more than 200 regions of the world.[5] Online gamers are the target of a "pervasive" computer worm which steals personal data, Microsoft has warned.[27] Fans of fantasy online multiplayer games like World of Warcraft or Lineage have been hit by a worm called Taterf, which steals personal data from the infected computer.[11] Taterf, in particular, is aimed at players of online multi-player games, attempting to steal login credentials. As with all worms, old or new, its most effective weapon is its ferocious ability to spread at great speed, looking for and infecting any drive connected to the host PC, including networked drives.[12] Win32/Taterf steals your online game login details. It spreads by copying itself to the root of all fixed and removable drives on the infected system, ensuring it gets executed by creating an 'autorun.inf' file. After its first day in MSRT, Taterf components had been removed from over 700,000 machines. It illustrates the need for organizations to have guidelines for removable drives (such as thumb drives) and evaluate how connections are made to outside machines.[8]
Williams explained that Taterf's spread underscores the fact that many enterprises do not have sound policies regarding removable media. Enterprises need to take the time to develop guidelines for thumb drives as well as how they allow network connections from machines not managed by their IT resources, he said.[20] 'Most enterprises do not have a policy around scanning removable media before it is introduced to the network, and many also don't have a policy about antivirus software running on home computers where information might be carried back and forth from a home machine to a work machine or where that home machine might be used to connect to the corporate network,' Williams said.[20] Hackers dissect patches to identify weakness being repaired, then craft malicious code to take advantage of flaws in machines with software that isn't kept up-to-date. "A patch is released and that is what starts these days of risk" Williams said. "There is a window of vulnerability, so we need to close that window more quickly" he said.[5]

Jeff Williams, principal architect of Microsoft's Malware Protection Center, attributed the rise to the investment cybercriminals are making in finding new vulnerabilities to exploit beyond buffer overflows, for example, which were the attack vector for many early worms. [9] Jimmy Kuo, principal architect at the Microsoft Malware Protection Center, told Infosecurity : "Last year rogue jumped from obscurity to become the number one problem. This has now levelled off a bit.[18]

Microsoft's report also documents increased detection of password stealing and monitoring tools, which the report attributes to increasing malware attacks on online gamers. [6] The SIRv7 report documents some of Microsoft's success in battling malware creators.[6]

The best way to avoid worms, trojans, spyware and other malware is to switch to an inherently secure operating system, most notably Linux, BSD or Mac OSX. Their security derives largely from the fact that they are actually variants of UNIX, which was developed from the ground up as a secure operating system, rather than having feeble attempts at security tacked on as an afterthought. [21] Install Ubuntu RC 9.10 Karmic Koala and have a safe free existence from worms altogether. and trojans, and adware, malware, windows is naffware etc etc.[27]
"In addition, we protect users from anti-phishing and malware through Windows Defender. User account control has been toned down but still protects users from making critical mistakes which could expose them." According to Erasmus, Windows XP is almost 10 years old, and back then only 15% of devices were notebooks, while today, they make up almost 60%. He says Windows 7 is more vigilant than previous MS operating systems, and has targeted features such as network location to prevent users from accidentally sharing out information.[32] Windows PC users can hold their heads up high again - after the Vista fiasco Microsoft needed a big win, and Windows 7 might just be the ticket.[28] As part of Microsoft's strategy to boost security for Windows 7, it has added Windows Biometric Framework to support biometric authentication devices.[32] The October patch addresses flaws in Windows 7, Internet Explorer, Microsoft Office, SQL Server, Microsoft Forefront, Silverlight and Developer Tools, as well as older versions of Windows.[32]
While unix is more secure than Windows, nothing is perfectly secure except not being connected to the net. Remember the first great internet worm, back in 1988? It was spread exclusively among unix machines.[21] The rise in worm infections can partially be attributed to Conficker, which hit almost 5 million machines starting approximately a year ago and carried into early this year.[9] The research, which covers January to June 2009, found that Trojans are still the single largest threat category, and that worm infections doubled.[14]
While Trojan viruses remain the biggest problem, worms have staged something of a comeback: after dropping consistently for the past three years, the proportion of security problems involving worms almost doubled to just under 25 per cent.[31] Were Microsoft truly concerned about security, it could have shifted to a Unix-like operating system, just as Apple did several years ago. Obviously they are not.[21] Three Minutes with Microsoft's Security Guru Don't judge Microsoft Security by the number of patch Tuesday bulletins, says Steve Lipner, director of security engineering.[1] Microsoft's study confirmed that systems using the most current service pack are the most secure, measured by the number of infections per 1,000 computers.[11] Although Microsoft issued a patch in October 2008, the worm continues to infect computers worldwide. The most common forms of cyber-threats are still prevalent, but their severity differs from country to country.[11] "Computers in enterprise environments were much more likely to encounter worms during than home computers," the report states. That is because worms often spread through removable storage devices and unsecured file shares, which are widespread in organizations, the report added.[24] Conficker, which includes several variants that spread via removable devices, was also the top threat detected in enterprise environments, according to the report.[24]
According to the report, "Worm infections in the enterprise rose by nearly 100 percent during the first half of 2009 over the preceding six months."[17] Infection rates for Vista were found to be significantly lower than Windows XP in all configurations during the first half of 2009.[20] In the first six months of the year, the infection rate for Windows Vista was 61.9% less than it was for Windows XP SP3 and the infection rate for Windows Server 2008 RTM was 52.6% less than it was for Windows Server 2003 SP2, the report says.[6]
Conficker infections soared by the millions in January with the arrival of Conficker B, which introduced the ability to spread via the Autorun capability in Windows.[2] Conficker alarmed Microsoft so much when it appeared that Microsoft issued an emergency patch in October 2008 for the software vulnerability that allowed it to spread rapidly.[1] For the weaker Windows XP OS, 56.4 percent of the browser-based exploits targeted Microsoft software rather than that of third parties.[1] Colin Erasmus, head of Microsoft SA's Windows business, points out that the patch release is not a kneejerk reaction to something which was discovered and needed to be fixed. "The reason for the size of the combined updates is evident, as we were covering some very old operating systems such as Windows Server 2000 and some old editions of Office XP."[32] And, with the recent introduction of Small Business Server 2008 operating system from Microsoft you can automate key network tasks more efficiently.[28]
Finding the flaws in your operating systems and applications is only the beginning. You then need to plot a path to security and ensure that no new weaknesses find their way onto your network. In this Dark Reading Analytics report, we offer some step-by-step recommendations on how to do that.[4] Learn how eBay was able to automate their network security auditing and get meaningful, actionable reports. Whether you're protecting 5 servers or 5,000, this paper details the essential aspects of putting into place a measurable and sustainable vulnerability management program.[4]
As for some other info included in the report, the U.S. turned out to be roughly average in terms of computer security consciousness.[17] In many organizations, database security is often neglected, misunderstood, or even ignored. In this report, we discover why databases have become one of the most popular targets for hackers - and how everyday mistakes in database administration contribute to these attacks. We also offer some advice on what your organization can do to protect your most critical data - and to stop hackers in their tracks.[4]
A point to note is that the test only focuses on the malware removal/cleaning capabilities of the security products installed on an infected system.[30] The fall in infected computers does not mean a fall in malware attacks, just that computers appear to be better protected, Kuo explained. Kuo recommended users to rely on reputable anti-malware products and not to be fooled into thinking that pop-up products are better than your anti-malware because they've 'found' malware on your machine: "All that it's doing is scaring you.[18]
The test itself pitted sixteen different security products against ten malware samples.[29] Some variants also spread via removable drives and by exploiting weak passwords. It disables several important system services and security products and downloads arbitrary files.[16]
A free antivirus product from Microsoft was touted for a year before it finally appeared.[25] Spam was dominated by product advertisement - primarily pharmaceutical products. The top data loss threat continued to be stolen equipment such as computers, which accounted for 30% of reported data loss incidents.[18] The bad guys spend 24 hours a day cooking up malicious Internet Web sites, unwanted advertisements you can't get rid of, annoying unsolicited emails slyly asking for your bank account access data and insidious software to rifle through your computers looking for sensitive financial information.[12] There were drops in adware (viruses which cause unwanted adverts to appear while using the internet) and Trojan downloaders (malicious software which automatically installs itself when users visit an 'infected' web page.) It's important to note these rises and falls are in terms of the proportion of overall problems rather than the raw numbers.[31] Trojan horse programs -- which can download other malicious software -- were the biggest threat in the U.S., U.K., France and Italy.[1]
Criminals create trojan software that purports to protect users from malware, but does nothing more than steal personal information and obtain credit card information through false premise.[22] Of the remaining categories, Trojan Downloaders & Droppers, Miscellaneous Potentially Unwanted Software, and Adware all had relative declines, with the others remaining relatively stable from 2H08," Microsoft revealed.[16] Cyber criminals are moving with increasing speed when it comes to reverse engineering patches released to fix vulnerabilities in software programs or operating systems, according to Microsoft.[5] Microsoft: Vista Infected 62% Less Often Than XP The study found that for all Microsoft operating systems that the most current service pack is always the least infected and Vista was infected less-often than XP.[1]

Fewer PCs were found to have been infected in the latest reporting period: 13.7 million versus 16.8 million computers for the second half of 2008. [1] Windows 7 has an application called Homegroup, where users can share media files between computers in a home and use online identification to authenticate between computers.[32] Despite the myriad upgrade and installation bugs users are facing as of late, security experts say Windows 7 has it all over Vista when it comes to security.[23] The company's largest security update addresses vulnerabilities in a range of programs running under Windows 7.[32]
More like installing crappy programs, not understanding basic Windows, getting fooled at Google searches or navigating internet else where, simply being lazy/naive/click happy. Such people are hard to help with software.[29]

"The attackers' tactics may be getting more sophisticated, but fundamentally at the end of the day, you know that Microsoft.com is Microsoft.com. The same goes for any major security software ISV. They're going to have that trust and customers should understand they can go there for help rather than a pop-up that is randomly generated from the Web." [9] Kuo highlighted that countries and regions deploying community based defence against information security threats are largely successful in combating threats.[18] A memory stick carried in by a worker tends to bypass computer security systems designed to guard against hackers breaking in from outside the walls of a business, according to Williams.[5] Communication among businesses and ISPs is paramount to improving computer security, Williams said.[21]

The advice to users is just plain boring because we've been saying it for years: Stay up to date on everyone's security updates and run updated AV on all machines. [28] Even though fewer users were infected from January to June, cyber criminals have gotten better at including extra malware in rogue applications. The result is that, from a criminal perspective, they're able to monetize in two ways instead of one. From a user perspective, they have doubled the infection.[34] Worms now are the second most prevalent type of malware worldwide, up from formerly holding the fifth spot during the last half of 2008.[24] Starting by the dominance of worms into organisations - business are hit by worms, consumers by malware.[3]
The jump from fifth to second is due in large part to the widespread worm families Conficker and Taterf, the report states.[24] As a threat category, worms jumped from fifth to second place, boosted by the activity of the high profile Conficker and the less-well known Taterf.[14]
"The vulnerability that something like Conficker used was more difficult to find, more difficult to exploit." "But what this shows us is that the criminals are investing energy and expertise," he added. "It's clear from the developments around some of these different worms -- watching them change over time -- that there are criminal enterprises that are operating in a traditional, corporate-like fashion, where they have a release cycle and they have progressive development that adds new functionality over time."[7]

Spain and Korea saw the dominance of worms led by threats targeting online gamers. [18] Kuo told Infosecurity that the number of worms almost doubled from H2 2008 to become "the most significant threat" in H1 of 2009.[18]
Win32/Taterf: A family of worms that spread through mapped drives in order to steal login and account details for popular online games."[16] Kuo said it is therefore very important to have corporate guidelines and policies around the use of removable drives, and also to patch machines not yet updated with Microsoft's OS patch disabling auto play on some drives.[18]

In addition to better communication among Internet service providers to block malicious Web pages, experts said, high-speed Internet connections improve security because people are able to more quickly download security updates and patches. [21] Listen to IBM Internet Security Systems' take on network security convergence.[8]

Sixteen products have been tested using Windows XP Professional SP3 32bit computers. [30] An example of a worm stealing login credentials for gaming is Taterf, which has increased 156% to 4.9 million.[18]
SOURCES
1. Microsoft: Worms Are Most Prevalent Security Problem - Business Center - PC World
2. Security Fix - What Windows Autorun Has Wrought
3. Increase in activity of the Taterf worm sees prevalence of worm infections - SC Magazine UK
4. Microsoft Report: Worms Rise, New Vulnerabilities Decline - DarkReading
5. AFP: Worms infesting computers worldwide: Microsoft
6. Worms Invade Corporate Computers, Microsoft Finds -- InformationWeek
7. Microsoft: The worms rise again
8. MS Security Architect: Windows 7 Will Slash Malware
9. Computer worm infections up, scareware antivirus down, Microsoft says
10. Gamers new target for virus writers, warns Microsoft - Telegraph
11. Epoch Times - Microsoft Issues Windows Security Report, Warns Gamers Of Computer Worms
12. Worms back at top of Microsoft threat list - Techworld.com
13. Worms wriggle back into the enterprise - Computer Business Review : News
14. Trojans, worms and scareware plague UK firms - V3.co.uk - formerly vnunet.com
15. Microsoft warns about worm attacks | IT PRO
16. Worm Infections Explode Thanks to Conficker and Taterf - Reveals Microsoft - Softpedia
17. Microsoft Security Report Highlights Worm Problem
18. Infosecurity (UK) - Information security threats in H1 2009: malware and rogue security software
19. Rogue security software still key threat
20. Microsoft Security Report Underscores Weak Enterprise Security Policies
21. Computer worms resurge, Microsoft security report says
22. Malware Inc.: The Criminals Behind the Attacks | Technologizer
23. Microsoft Security Report: Internet Worms, Phishing Attacks On The Rise - Security - IT Channel News by CRN
24. Worm outbreaks climb, finds Microsoft threat report - SC Magazine US
25. Microsoft Security Essentials rated best free antivirus software - VISTA.BLORGE
26. The worm turns on online gamers | Security | News | PC Pro
27. Microsoft Warns Online MMORPG Gamers Targeted By Taterf Worm: Latest Security Research Released | Technology | Sky News
28. Disinfections Drop in Microsoft Anti-Malware Report - Reviews by PC Magazine
29. Microsoft Security Essentials Rated Highly In AV-Comparatives Test
30. Microsoft Security Essentials rated high in Malware removal tests
31. Worms on the rise according to Microsoft security report - VISTA.BLORGE
32. MS boosts Windows 7 security | ITWeb
33. Virus Bulletin : News - November issue of VB published
34. Microsoft Security Report: Number of Worms More Than Doubled | Security | ITBusinessEdge.com
