Microsoft Security Intelligence Report - July to December 2007

I have been reading through the Microsoft Security Intelligence Report covering the period July through to December 2007 over the past few days.  Although the bulk of the report focuses on security vulnerabilities, there are statistics specific to "rogue security software" (aka fraudware) and "potentially unwanted software" that I found interesting:

  • The most prevalent rogue security software detected in the second half of 2007 was Win32/Winfixer, with more than five times as many detections as any other single family.  The report notes that "many of the more prevalent malware families rely on social engineering tactics that trick the user into taking action that bypasses or lessens the effectiveness of the user's existing protection".  I'm hoping as time goes on that I will see fewer "get Firefox" or "get a Mac" comments in response to reports of various fraudware outbreaks, as people come to realise that such responses do not address the base problem of social engineering.

  • The most prevalent malware family (as distinct from rogue security software) was Win32/Zlob, being removed more than 3 times as often in the second half of 2007 (and from twice as many computers) as any other individual malware family.  Often disguised as a media codec (there's that social engineering again), Zlob uses pop-up advertisements and fake security alerts to encourage the victim to install, you guessed it, rogue security software.

  • The second most prevalent malware family was Win32/Renos.  Renos, like Zlob, is used to install rogue security software.  Renos was found to have infected 79% more distinct computers during the second half of 2007 than was detected during the first half of the year.

  • The top potentially unwanted software family detected in the second half of 2007 was Win32/Hotbar (which, ironically, I have seen advertised via the Windows Live Messenger advertising pane).  Win32/Hotbar was in 4th place during the first half of the year.

  • 129.5 million pieces of potentially unwanted software were detected between July 1 and December 31 2007, resulting in 71.7 million removals.  This is an increase of 66.7% in total detections and 55.4% in removals over the first half of 2007.

  • Adware remains the most prevalent category of potentially unwanted software in the second half of 2007, with detections increasing by more than 66%, from 20.6 million to 34.3 million.

  • The most infected country/region in Europe is Albania; the least infected countries/regions in Europe are Austria and Finland.  In the Asia-Pacific region the most infected countries/regions are Mongolia and Vietnam, and the least infected are Taiwan and Japan.

  • When prompted about rogue security software, nearly 60 percent of users choose to remove it immediately, with a large proportion of the rest choosing to quarantine the software (I admit to not understanding why only 60% of users are removing rogue security software).

It should be noted with regard to points 3, 5 and 6 that some of the increase can be attributed to an increase in the number of computers running Microsoft's detection and removal tools, and "changes in the distribution practices for different pieces of potentially unwanted software [that] can have an effect on how many people are exposed to it and how often, and how they tend to respond to alerts raised about the software".

You can get your own copy of the Microsoft Security Intelligence Report at this URL:
http://www.microsoft.com/downloads/details.aspx?FamilyId=BCC879DB-9FE6-4331-B231-E274EA8FC804&displaylang=en

 

Published Tue, May 6 2008 10:58 by sandi