Microsoft study says trojans run rampant
Microsoft has published its fourth Security Intelligence Report. This study is based on statistics collected by the vendor's Malicious Software Removal Tool (MSRT), which looks for contaminations on computers and is updated every Patch Tuesday. At the end of 2007, Microsoft says that it was shipped out to 450 million computers worldwide.
The report says that during the first half of 2007, MSRT detected and removed approximately 6 million Trojan droppers and downloaders from computers running under Windows. Over the second half of 2007, MSRT detected and removed around 19 million, a rise of over 300 percent. Microsoft's security experts also reported an increase in the discovery of forged security software. Trojan downloaders install such software, or it can arrive on computers by means of social engineering. Interestingly, MSRT found Win32/Winfixer five times more often than any other protection software.
The number of computers "infected" with undesired software, such as adware, also increased, as did the frequency of other potential security risks. Redmond says that almost 130 million infections with such software were discovered, with MSRT removing nearly 72 million such cases. The report says that the most commonly discovered unwanted software family was Win32/Hotbar, which provides toolbars and skins for Internet Explorer – and in return, monitors your surfing so that it can provide targeted advertising in pop-up windows, in addition to tacitly downloading and installing updates and possibly other software from its servers.
On a per-computer basis, Microsoft found most contaminants in developing nations; in the industrialized world, computers were infected less often. Overall, MSRT removed 40 percent more contaminants in the second half of 2007 than in the first half.
Microsoft's experts also made another interesting observation: almost the same frequency of malicious code that exploits vulnerabilities in certain – not further specified – Microsoft products listed in the Common Vulnerabilities and Exposures (CVE) database. In 2006, there were exploits for 32.7 percent of these vulnerabilities compared to 32.2 percent in the second half of 2007. Another salient aspect in the comparison of old and new products was that there were reportedly fewer exploits for new products than for old ones, such as the Office suite.
The Security Report can be downloaded from Microsoft's website. Unfortunately, the link to the PDF version does not work yet. At the moment, the report can only be downloaded in Microsoft's competing XPS format, or as an Office document.
- Microsoft Security Intelligence Report (July - December 2007), Microsoft's study
- Microsoft Security Intelligence Report, overview of all previously published Security Intelligence Reports