Microsoft Outlines Rogue Anti-virus, Data Breach Threats | eWeek

Microsoft Outlines Rogue Anti-virus, Data Breach Threats

Écrit par
Brian Prince
Brian Prince
Apr 8, 2009
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

Rogue anti-virus has emerged as one of the most prevalent threats to end users in 2008, according to Microsoft’s latest Security Intelligence Report.

Also known as scareware, bogus anti-virus programs lure users into paying for software that, unbeknownst to them, offers either little or no real protection, and is sometimes designed to steal data.

“Of the top 25 malware or potentially unwanted software families that we had information on in the second half of 2008, seven of those had some connection to rogue security software,” said Vinny Gullotto, general manager of the Microsoft Malware Protection Center.

Two rogue families, Win32/FakeXPA and Win32/FakeSecSen, were detected on more than 1.5 million computers by Microsoft software, placing them into the top 10 threats for the second half of the year. In addition, Win32/Renos, a threat that is used to deliver rogue security software, was detected on 4.4 million unique computers, an increase of 66.6 percent over the first half of 2008, according to Microsoft.

Those pushing the software are preying on the public’s healthy skepticism about the Internet, he added. The findings come as little surprise. Earlier this year, Finjan reported it had uncovered a scareware affiliate network that made an average of $10,800 a day.

“Rogue security software is clearly software that’s been making quite a big splash if you will over the past year,” Gullotto said.

The report also showed attackers are continuing to focus on the application layer. Nearly 87 percent of vulnerabilities disclosed during the second half of 2008 involved applications. About nine percent were operating system vulnerabilities, while 4.5 percent involved browsers.

The number of vulnerabilities the company itself addressed surged in the second half of the year by roughly 67 percent when compared with the first six months of 2008. For the full year, Microsoft released 78 security bulletins covering 155 vulnerabilities, numbers equal to the total addressed in 2006 but representing a nearly 17 percent increase over 2007.

The report also showed that the No. 1 reason for data breaches remains lost and stolen equipment. The finding mirrors studies by groups like the Ponemon Institute and the Identity Theft Resource Center, which have shown repeatedly insiders continue to be the No. 1 point of failure when it comes to securing data.

“For the second report in a row what we find is that stolen or lost equipment seems to account for about 50 percent of all reported data breaches,” Gullotto said. “So that’s a pretty dramatic difference when you take a look at the fact that only about 20 percent … [of the time] did a security breach come from some bit of hacking or a piece of malware specifically. I think what we find in some of this is that this information reinforces the need for appropriate governance and policies around data and procedures.”

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.