March of The Trojans

Millennia ago, the blind poet Homer described the first Trojan Horse, which led to the downfall of the ancient city of Troy. In modern times, the digital Trojan Horse may be becoming as potent as its predecessor — with Microsoft reporting a 300 percent increase in Trojan infections in the second half of 2007.

The revelation comes from Microsoft’s latest Security Intelligence Report (SIR), which pulls data from a massive pool of approximately 450 million computers running the company’s software, including the Malicious Software Removal Tool (MSRT).

As a result, the SIR has one of the broadest survey bases of any publicly available security research report.

The SIR study found that the second half of the year saw a nearly 67 percent increase in unwanted software detections, totaling a staggering 129.5 million pieces of software across the Microsoft user base.

Even with all those detections, still more malware could be going undetected on users’ computers, according to researcher Doug Camplejohn, CEO of security firm Mi5 Networks.

“Based on the number of Trojans Mi5 sees in organizations with one or more desktop defenses in place, no vendor has got Trojan detection completely nailed,” Camplejohn said. “Security is a journey, not a destination, so a single point of protection or even a suite from a single vendor can never match a best-of-breed combination from multiple vendors.”

In terms of the growth of Trojans as an infection route, the latest SIR report continues a trend that stretches as far back as 2006, when Microsoft began warning about increasing numbers of Trojan infections.

Camplejohn said he suspects the ballooning number of Trojans during the second half of 2007 is related to the rise of botnets like Storm, which use Trojans as their primary infection method.

Though the rate of Trojan growth may well be alarming, Microsoft’s report is not all doom and gloom. For one thing, the SIR study actually showed a decline of 15 percent for reported security vulnerabilities during the second half of the year.

“The decline in vulnerability disclosures was the first since 2003, when a half-year period declined ever so slightly from its previous period,” Jimmy Kuo, principal architect of the Microsoft Malware Protection Center (MMPC), said. “We’ve had a continual trend of increases since, and thus the decline was somewhat unexpected.”

Kuo explained that the decline in new vulnerability disclosures can likely be attributed to a number of factors. One factor could simply be a general flattening of vulnerability discoveries.

The disclosure increases observed in 2006 also could have been an atypical spike, with the 2007 numbers more representative of the overall trends.

“Additionally, as exploitation of vulnerabilities for monetary gain increases, discoverers may have a financial incentive to remain silent on new vulnerabilities,” Kuo added.

Microsoft isn’t the only one seeing a decline in new vulnerabilities in 2007. In a November 2007 report, the SANS Institute also noted that for the first time in years, zero-day exploits were decreasing in number.
