Microsoft security software detected rogue security software on nearly 3.5 million fewer PCs in the first six months of 2009 compared to a previous six-month period, but worm infections doubled during that same time.
These findings were revealed in Microsoft’s seventh Security Intelligence Report (SIR), dubbed "SIRv7," which was released on Monday. The report covers the first half of 2009. Among the conclusions in SIRv7: although the threat of rogue security software is gradually declining, it remains a significant threat to corporate PC environments.
"Microsoft detected and cleaned rogue security software on 13.4 million computers in SIRv7, down from 16.8 million in SIRv6—an improvement, but still a significant threat," said Jeff Williams, principal group program manager of the Microsoft Malware Protection Center, in a statement emailed to InternetNews.com.
Rogue security software, commonly referred to as "scareware," pretends to be legitimate security software and claims to have found "infections" on the user’s computer. It then generates continuous alerts or warnings, informing users that malware has been detected and they should purchase software to remove the infection. In reality, the only infection present is the scareware itself.
To mitigate the threat of scareware, Microsoft (NASDAQ: MSFT) recommends using an antimalware tool from a trusted vendor and ensuring that antimalware definitions are kept up to date.
"Rogue security software remained the single largest threat category for the first half of 2009," the report stated. Scareware was also highlighted in the previous report—SIRv6, which was released in April and covered the second half of 2008.
In 2008, scareware attacks were increasing. However, in 2009, Microsoft reported that its antimalware technologies helped reduce the infection rate.
A second conclusion in SIRv7 found that in the first half of 2009 there was a resurgence of worm infections. These infections doubled since the release of SIRv6, primarily due to increased detections of the worm families Win32/Conficker and Win32/Taterf, according to the report.
Conficker was the top worm threat detected in enterprise environments because its method of propagation works more effectively within a firewalled network environment, the report noted. However, Conficker is not among the top 10 worms infecting consumer machines, as home computers are more likely to have automatic updating enabled, the report added.
"The worms of today rely heavily on access to unsecured file shares and removable storage, both of which are plentiful in enterprises," Williams said.
Among the report's recommendations, IT departments should ensure that applications are regularly updated, secure all file shares, regulate the use of removable media such as thumb drives, and evaluate processes for connecting with external PCs.