Bogus security software growing threat: Microsoft

April 8, 2009 by Glenn Chapman Hackers are increasingly hiding viruses in bogus computer security software

Enlarge

A man surfs the internet in Beijing, September 2007. Hackers are increasingly hiding viruses in bogus computer security software to trick people into installing treacherous programs on machines, Microsoft warned.

Hackers are increasingly hiding viruses in bogus computer security software to trick people into installing treacherous programs on machines, Microsoft warned on Wednesday.

The software giant said in a intelligence report that "rogue security software" is a growing threat as hackers take advantage of people's fears of worms such as the notorious Conficker.

"Rogue security software is the number one threat worldwide," said George Stathakopoulos, general manager of the Trustworthy Computing Group at Microsoft.

"If you think about the Conficker case, how many people went looking for a security solution and downloaded rogue malware?"

Rogue security software referred to as "scareware" pretends to check computers for viruses, and then claims to find dangerous infections that the program will fix for a fee.

"The rogue software lures them into paying for protection that, unknown to them, is actually malware offering little or no real protection, and is often designed to steal personal information," Microsoft said.

Two "rogue families" of scareware were detected in 1.5 million computers, according to Microsoft. Another form of scareware was found on 4.4 million computers, a rise of 66 percent from the previous six-month period.

"That means when users downloaded the software they probably gave away and got infected," Stathakopoulos said. "That's a double hit."

Microsoft releases security reports twice annually. Stathakopoulos expects scareware infections to soar in the first six months of this year because of massive hype regarding Conficker.

The Conficker worm's April 1st trigger date came and went without the bedeviling causing any mischief but security specialists warn that the threat is far from over.

The virus evolved on April Fools' Day to better resist extermination and make its masters tougher to find.

A task force assembled by Microsoft has been working to stamp out Conficker, also referred to as DownAdUp, and the software colossus has placed a bounty of 250,000 dollars on the heads of those responsible for the threat.

The worm, a self-replicating program, takes advantage of networks or computers that haven't kept up to date with security patches for Windows.

It can infect machines from the Internet or by hiding on USB memory sticks carrying data from one computer to another.

Conficker could be triggered to steal data or turn control of infected computers over to hackers amassing "zombie" machines into "botnet" armies.

Microsoft's report found that as operating system defenses have improved cybercriminals have shifted attacks to software applications people use in their online lives.

Ruses such as bogus software updates or security checks and booby-trapped Web pages or emails are among "social engineering" scams hackers use to dupe people into allowing malicious software past computer defenses.

"We see cybercriminals increasingly going after vulnerabilities in human nature rather than software," said Vinny Gullotto, general manager of the Microsoft Malware Protection Center.

Stathakopoulos urged people to keep computer applications and anti-virus software updated and to be wary of online come-ons by strangers.

"Use a little common sense," Stathakopoulos counseled.

"If you browse the Web and someone you never met before is offering you a lot of money, it is probably not a good thing ... You wouldn't buy medicine from people you didn't know."

Despite the increasingly wily tactics employed by hackers, the primary causes of data breaches were classic real-world problems of loss or theft of computer equipment, according to Microsoft.

The report, based on data gathered from hundreds of millions of computers worldwide during the second half of 2008, said half of security breaches involved computer gear vanishing, not being hacked.

"For businesses, the security concern is the laptop you left in the cab or the CD-ROM you left in the bar," Stathakopoulos said. "Encryption is so important."

(c) 2009 AFP


print this article email this article download pdf blog this article bookmark this article     Stumble it Digg this share on Facebook retweet share on Reddit add to delicious
Rate this story - 4 /5 (4 votes)

Rank Filter

Move the slider to adjust rank threshold, so that you can hide some of the comments.


Display comments: newest first

  • docatomic - Apr 08, 2009
    • Rank: not rated yet
    I thought 'conficker' was merely the hype generated by antivirus firms fearful of the present economic downturn; however, this article seems to point out a different possibility. More obfuscationary tactics?

April 8, 2009 all stories

Comments: 1

4 /5 (4 votes)
  • Stumble this up

  • Digg this

  • share this

  • hide

  • Related Stories

  • Conficker worm plays no tricks on April Fools' Day
    created Apr 02, 2009 | popularity not rated yet | comments 0
  • Conficker worm digs in around the world
    created Apr 01, 2009 | popularity not rated yet | comments 0
  • New homeland security tool to detect Conficker worm
    created Mar 30, 2009 | popularity not rated yet | comments 0
  • Conficker Worm Prepares For A New Release On April 1
    created Mar 27, 2009 | popularity not rated yet | comments 0
  • Help! How to avoid fast-moving computer worm
    created Jan 28, 2009 | popularity not rated yet | comments 0



  • hide

  • Relevant PhysicsForums posts

Other News

A system of space solar power system (SSPS)

Japan eyes solar station in space as new energy source

Technology / Energy

created 22 hours ago | popularity 4.7 / 5 (13) | comments 19

It may sound like a sci-fi vision, but Japan's space agency is dead serious: by 2030 it wants to collect solar power in space and zap it down to Earth, using laser beams or microwaves.


Software cos. eye key patent case in Supreme Court (AP)

Software cos. eye key patent case in Supreme Court

Technology / Business

created 22 hours ago | popularity 5 / 5 (4) | comments 2

(AP) -- With the technology industry looking on, the Supreme Court on Monday will explore what types of inventions should be eligible for a patent in a pivotal case that could undermine such legal protections ...


Framed for child porn -- by a PC virus

Framed for child porn -- by a PC virus

Technology / Internet

created 14 hours ago | popularity 5 / 5 (5) | comments 2

(AP) -- Of all the sinister things that Internet viruses do, this might be the worst: They can make you an unsuspecting collector of child pornography.


Campaigners are stepping up efforts to curb online tracking

Advertisers face resistance to on-line tracking

Technology / Internet

created 21 hours ago | popularity 5 / 5 (4) | comments 0

Campaigners are stepping up efforts to curb online tracking of Internet use by firms that deliver adverts tailored to the specific interests of consumers, as polls reveal widespread unease with the practice.


Sony offers 'Cloudy' early to people with its TVs

Technology / Business

created 14 hours ago | popularity not rated yet | comments 0

(AP) -- In a bid to sell living room electronics and spur buzz for "Cloudy with A Chance of Meatballs," Sony Corp. is offering the movie for free to U.S. buyers of its Internet-connected TVs and Blu-ray players starting ...




PhysOrg Account
advanced search
  • follow with twitter
  • follow on facebook
  • read with kindle
  • customize RSS
  • physorg mobile
  • newsletter