Microsoft security software found rogue security software on nearly 3.5 million fewer PCs in the first six months of 2009 than it found in the prior six-month period, but worm infections doubled during that same period.
Those revelations came in Microsoft’s seventh Security Intelligence Report (SIR), dubbed “SIRv7,” released on Monday. The report covers the first half of 2009. Among the conclusions in SIRv7: although the threat of rogue security software is gradually subsiding, it remains a top threat to corporate PC environments.
“Microsoft detected and cleaned rogue security software on 13.4 million computers in SIRv7, down from 16.8 million in SIRv6—an improvement, but still a significant threat,” Jeff Williams, principal group program manager of the Microsoft Malware Protection Center, said in a statement e-mailed to InternetNews.com.
Rogue security software, commonly referred to as “scareware,” pretends to be security software and claims to have found “infections” on the user’s computer. It then pops up continual alerts or warnings, informing users that malware has been detected and they should purchase software to remove the infection. As it turns out, the only infection is the scareware.
To alleviate the threat of scareware, Microsoft (NASDAQ: MSFT) recommends using an antimalware tool from a trusted vendor and keeping antimalware definitions up to date.
“Rogue security software remained the single largest threat category for the first half of 2009,” the report said. Scareware was also highlighted in the previous report — SIRv6, which came out in April and covered the second half of 2008.
In 2008, scareware attacks were on the rise. In 2009, however, Microsoft said its antimalware technologies helped reduce the infection rate.
A second conclusion in SIRv7 is that the first half of 2009 saw a resurgence of worm infections. Such infections have doubled since the release of SIRv6, primarily because of increased detections of the worm families Win32/Conficker and Win32/Taterf, the report said.
Conficker was the top worm threat detected in the enterprise because its method of propagation works more effectively within a firewalled network environment, according to the report. However, Conficker is not in the top 10 worms infecting consumers, because home computers are more likely to have automatic updating enabled, the report added.
“The worms of today rely heavily on access to unsecured file shares and removable storage, both of which are plentiful in enterprises,” Williams said.
Among the report’s recommendations: IT should make certain that applications are regularly updated, secure all file shares, regulate the use of removable media such as thumb drives, and evaluate processes for connecting with outside PCs.
Microsoft has posted the full SIRv7 report online.