Microsoft Security Intelligence Report Shows Rogue Security Software a Top Threat to Internet Users


REDMOND, Washington, April 8 /PRNewswire/ --

- Cybercriminals take advantage of increased online savvy and human 
nature.

Microsoft Corp. today released the sixth volume of its Microsoft Security
Intelligence Report, which showed a significant increase in rogue security
software and evidence that threats are predominantly targeting common
third-party desktop applications. This version of the report also showed that
the No. 1 reason for data breaches remains lost and stolen computer
equipment.

(Logo: http://www.newscom.com/cgi-bin/prnh/20000822/MSFTLOGO)

Released twice a year, the Microsoft Security Intelligence Report uses
data gathered from hundreds of millions of computers worldwide to provide an
in-depth snapshot of the threat landscape. With this volume, which covers the
second half of 2008, Microsoft provides more information and insight about
threats than ever before by offering new data on document file format
attacks, the differences in malware affecting home and business computers,
and phishing.

Rogue security software, also known as "scareware," takes advantage of
users' desire to keep their computers protected. The rogue software lures
them into paying for protection that, unknown to them, is actually malware
offering little or no real protection, and is often designed to steal
personal information. The Microsoft Security Intelligence Report shows that
such programs are now among the top threats around the world. For example,
two rogue families, Win32/FakeXPA and Win32/FakeSecSen, were detected on more
than 1.5 million computers by Microsoft software, catapulting them into the
top 10 threats in the second half of the year. In addition, Win32/Renos, a
threat that is used to deliver rogue security software, was detected on 4.4
million unique computers, an increase of 66.6 percent over the first half of
2008.

Rogue security software and other social engineering attacks such as
these compromise people's privacy and are costly; some take personal
information and drain bank accounts, while others infect computers and rob
businesses of productivity.

"We continue to see an increase in the number of threats and complexity
of those threats designed to implement crime at a variety of levels online,"
said Vinny Gullotto, general manager of the Microsoft Malware Protection
Center. "But as Microsoft and the industry continue to improve the security
of our products and people become more concerned about their online safety
and privacy, we see cybercriminals increasingly going after vulnerabilities
in human nature rather than software. By working with others across the
industry, Microsoft is helping combat the next generation of online threats
through a community-based defense resulting from broad industry cooperation
with law enforcement and the public."

The Security Intelligence Report also showed that as software companies
have improved the security of their operating systems, attackers have shifted
their focus to the application layer, where the majority of vulnerabilities
are now being reported; nearly 90 percent of vulnerabilities disclosed in the
second half of 2008 affected applications. The report also showed that
Microsoft continues to make significant progress in secure software
development and that newer versions of Microsoft software are more secure
than previous versions.

Finally, the Security Intelligence Report showed that lost and stolen
equipment, not computer hacking, continues to be the most common cause of
security breaches resulting in data loss publicly reported in the second half
of 2008 - totaling 50 percent of reported incidents. To mitigate this threat,
organizations must implement strong data governance practices to help protect
data from criminal access.

Based on the key findings from the report, Microsoft is calling on the
technology industry, law enforcement and policy makers to continue to work
together to develop new ways to deter online criminals and help protect
people online. Microsoft will continue to work with others toward its End to
End Trust vision for a safer, more trusted Internet, which will require broad
industry collaboration and technology innovations that are aligned with
social, economic and political forces. Microsoft also recommends that
customers and organizations use the data and prescriptive guidance outlined
in the Microsoft Security Intelligence Report to assess and improve their
security practices. The proactive steps Microsoft recommends for individuals
and businesses include these:

- Configure computers to use Microsoft Update instead of Windows
  Update; this will ensure the receipt of security updates for Microsoft
  Office and other Microsoft applications, as well as security updates
  for Microsoft Windows operating systems. More information on how to do
  this is available at http://support.microsoft.com/kb/311047.

- Make sure that updates also are enabled when possible for
  third-party applications.

- Use an anti-malware product from a known, trusted source, and
  keep it updated. Be cautious not to follow advertisements for unknown
  software that appears to provide protection (rogue security software).

- Avoid opening attachments or clicking on links to documents in
  e-mail or instant messages that are received unexpectedly or from an
  unknown source.

- Enterprise customers should ensure that policies are in place
  to help secure all file shares and regulate the use of removable media.

- Enterprise customers should use the Microsoft Security
  Assessment Tool (MSAT), available at
  http://technet.microsoft.com/en-us/security/cc185712.aspx, to help
  assess weaknesses in their IT security environment and build a plan to
  address the risks.

- Enterprise customers should help control the use of remote
  management software.

- Detailed help and guidance on helping secure the home computing
  environment is available on the Security at Home Web site at
  http://www.microsoft.com/protect.



A full list of Microsoft's guidance, a downloadable version of the
Security Intelligence Report, volume 6, and other related information are
available at http://www.microsoft.com/sir.

Founded in 1975, Microsoft (Nasdaq: MSFT) is the worldwide leader in
software, services and solutions that help people and businesses realize
their full potential.

© PR Newswire Association LLC.
