Microsoft Outlines Rogue Anti-virus, Data Breach Threats

In the latest edition of its Security Intelligence Report, Microsoft officials point to the spread of rogue anti-virus programs as a significant threat users are facing. The company also outlined the data breach threat posed by insiders, as well as an increase in the number of Microsoft vulnerabilities it was forced to patch.

Rogue anti-virus has emerged as one of the most prevalent threats to end users in 2008, according to Microsoft's latest Security Intelligence Report.

Also known as scareware, bogus anti-virus programs lure users into paying for software that, unbeknownst to them, offers either little or no real protection, and is sometimes designed to steal data.

"Of the top 25 malware or potentially unwanted software families that we had information on in the second half of 2008, seven of those had some connection to rogue security software," said Vinny Gullotto, general manager of the Microsoft Malware Protection Center.

Two rogue families, Win32/FakeXPA and Win32/FakeSecSen, were detected on more than 1.5 million computers by Microsoft software, placing them into the top 10 threats for the second half of the year. In addition, Win32/Renos, a threat that is used to deliver rogue security software, was detected on 4.4 million unique computers, an increase of 66.6 percent over the first half of 2008, according to Microsoft.

Those pushing the software are preying on the public's healthy skepticism about the Internet, Gullotto added. The findings come as little surprise. Earlier this year, Finjan reported it had uncovered a scareware affiliate network that made an average of $10,800 a day.

"Rogue security software is clearly software that's been making quite a big splash, if you will, over the past year," Gullotto said.

The report also showed attackers are continuing to focus on the application layer. Nearly 87 percent of vulnerabilities disclosed during the second half of 2008 involved applications. About nine percent were operating system vulnerabilities, while 4.5 percent involved browsers.

The number of vulnerabilities the company itself addressed surged in the second half of the year by roughly 67 percent when compared with the first six months of 2008. For the full year, Microsoft released 78 security bulletins covering 155 vulnerabilities, numbers equal to the total addressed in 2006 but representing a nearly 17 percent increase over 2007.

The report also showed that the No. 1 reason for data breaches remains lost and stolen equipment. The finding mirrors studies by groups like the Ponemon Institute and the Identity Theft Resource Center, which have repeatedly shown that insiders continue to be the No. 1 point of failure when it comes to securing data.

"For the second report in a row what we find is that stolen or lost equipment seems to account for about 50 percent of all reported data breaches," Gullotto said. "So that's a pretty dramatic difference when you take a look at the fact that only about 20 percent ... [of the time] did a security breach come from some bit of hacking or a piece of malware specifically. I think what we find in some of this is that this information reinforces the need for appropriate governance and policies around data and procedures."