Microsoft: Rogue 'security' software a rising threat

In its latest security report, Microsoft also says hackers look for flaws in applications to infect computers

Fake security software programs along with attacks using vulnerabilities in applications continued to pester Internet users in the last half of 2008, according to Microsoft's latest security report.

The bogus security software programs often offer a free scan that falsely says a user's computer is infected. If installed, the programs are ineffective against malicious software. Security experts have theorized that those behind the programs reap lucrative profits.

Microsoft detected two Trojan horse programs, Win32/FakeXPA and Win32/FakeSecSen, masquerading as security software on more than 3 million computers in the last six months of 2008, according to the company's Security Intelligence Report, published every six months.

With the Washington state attorney general, Microsoft launched eight lawsuits in September 2008 aimed at tracking down those responsible for perpetrating the scams.

Software vulnerabilities dropped 3 percent in the last half of 2008 compared to the first six months of the year, the report said. But more than half of all of the vulnerabilities were considered "high severity" under the Common Vulnerability Scoring System (CVSS).

Also, more than half of those problems were considered pretty easy to exploit, putting Internet users at greater risk.

Microsoft software contained six of the top 10 browser-based vulnerabilities used by hackers against computers running Windows XP.

Hackers also continued to try to exploit older vulnerabilities in Microsoft applications. The most frequently exploited flaw in Microsoft Office, CVE-2006-2492, was patched more than two years ago yet is still targeted by 91.3 percent of attacks against the software suite.

In 2008, Microsoft released a total of 78 security bulletins that fixed 155 vulnerabilities, which represented a 16.8 percent increase over 2007, Microsoft said.

Attackers also looked to exploit problems in other third-party software from vendors such as Adobe, whose PDF (Portable Document Format) reader is widely used.

Adobe has had several security vulnerabilities over the last year in its Reader product. Microsoft said it saw more than double the number of attacks aimed at PDF in July 2008 as it did in the whole six months prior.

Vulnerabilities in Microsoft Office file formats and PDFs are golden for hackers, since people can often be persuaded to open the documents using social engineering tricks via e-mail.

Microsoft said more than 97 percent of e-mail messages are unwanted because they either contain malicious attachments, are spam or promote a phishing site.

The U.S. remained the No. 1 country for hosting phishing sites, the report said. The state of Texas hosted the most of all, according to Microsoft.

Join the PC World newsletter!

Error: Please check your email address.

Tags Microsoftrogue softwaresecurityphishingtrojanmalware

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service
Show Comments

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?