The return of the worm
According to Microsoft's Security Intelligence Report 2009, phishing and worm infections both rose in the first half of 2009. In particular, the company reports a significant increase in the number of phishing attacks on web-based social networks. Between January and June of this year, phishers are reported to have widened their attacks to capture access data for gaming websites, portals and the websites of major corporations.
Interestingly, in its security report for the first six months of this year, released in August, IBM came to the conclusion that phishing was going out of fashion, observing that phishing email made up just 0.1 per cent of total spam volume over this period. In the same period of last year the figure stood at between 0.2 and 0.8 per cent. By contrast, the IBM report found that the proportion of password-stealing trojans had increased.
Microsoft reaches the same conclusion about trojans, but its report reveals a mixed picture when considering different types of trojan. The number of download and dropper trojans has decreased, but this is counterbalanced by the increase in password-stealing trojans. The report also notes that the distribution of backdoor trojans remains at a constant low level, but that "miscellaneous trojans" remain at a constant high level of 35 per cent, making them once again the top malware.
Having long been on the wane, worms have bounced back to take second place in the malware statistics, almost exclusively as a result of the continued high rate of spread of Conficker, particularly in enterprise environments. By contrast, in home environments Conficker does not even make the list of top ten most common threats. More common in home environments is Taterf, which steals login data for online games.
Source: Microsoft According to Microsoft, computers in enterprise environments protected by Forefront Client Security were infected with worms significantly more frequently than home computers running Windows Live OneCare – the company neglects to offer its interpretation of this fact.
The infection rate for Windows Vista SP1 over the study period was around 62 per cent lower than that for Windows XP SP3. Scareware remains a major problem, despite the fact that Microsoft's anti-virus solutions cleared 13.4 million Windows PCs of this type of malware in the first six months of this year. This compares with a figure for the final six months of 2008 of 16.8 million scareware infections. Scareware tries to fool users into believing that their PC is infected, for example via banner ads or web pages. These banner ads lead to websites pushing decidedly dodgy anti-spyware and anti-virus products. The criminals behind this type of scam are increasingly using legitimate websites manipulated via security vulnerabilities. This also applies to drive-by downloads.
The complete 232 page Microsoft Security Intelligence Report, Volume 7 can be downloaded from Microsoft's Malware Protection Center.