April 8, 2009

Malware Causes Users To Download Infected Software

A Microsoft Corp report published on Wednesday showed that computer users' growing fear of worms and viruses could be behind a recent spike in attacks on PCs via bogus security software, Reuters reported.

With malware such as the Conficker worm and others increasing, a growing number of computer users have been looking for security programs online, some of which turn out to be agents for viruses themselves.

Microsoft's twice-yearly Security Intelligence Report showed that out of hundreds of millions of PCs monitored by the world's largest software maker, seven of the 25 top security threats came in the form of fake security programs.

The software maker said it cleared 4.4 million PCs of the most successful bogus security program in the last six months of 2008.

George Stathakopoulos, head of product security at Microsoft's Trustworthy Computing Group, said that was a 67 percent increase over the first half of 2008.

Stathakopoulos said the sudden jump in attacks from what Microsoft calls "rogue" security software, or "scareware," could be a part of the fear of Conficker.

The report suggested that more security-conscious consumers are being tricked by insistent or alarming pop-up warnings asking them to pay for virus protection. Meanwhile, many of these downloads are actually malware designed to steal personal information.

"We see cybercriminals increasingly going after vulnerabilities in human nature rather than software," said Vinny Gullotto, general manager of the Microsoft Malware Protection Center.

Security software makers such as Symantec Corp, McAfee Inc and Trend Micro Inc agree that the phenomenon of "scareware" is a headache.

However, even legit security software makers have played a role in raising fears about malware, such as Conficker, and have even profited from it.

The Conficker worm is believed to have infected millions of PCs, essentially allowing criminals to control them remotely. So far, no significant disruption has occurred.

The Microsoft report, which only reflects PCs using Microsoft systems and does not include Linux operating systems or Apple Inc computers, said "unique vulnerability disclosures," or instances of software security problems, actually fell 3 percent in the second half of last year from the first half.

However, the number defined as "high severity" rose 4 percent.

Microsoft has provided the full report as well as guidance on how to avoid viruses at www.microsoft.com/sir.