Here at the Microsoft Malware Protection Center (MMPC) we look for ways to share the valuable data, insights and expertise that we have with our customers on a regular basis. We just released the sixth volume of our Microsoft Security Intelligence Report (SIR). The SIR shares the conclusions drawn by our research team using data gathered from hundreds of millions of computers worldwide and some of the busiest services on the internet.
A very clear trend we saw in the second half of 2008 was the rise in prevalence of rogue security software (software which poses as anti-malware or anti-spyware protection but in reality does little or nothing, and may even be malware!) The data also indicated that the number one threat we saw worldwide was Win32/Renos, a family of trojan downloaders and droppers that is used to distribute rogue security software – in the second half of 2008 we saw this threat increase in prevalence by 66.6%! We also saw a number of other rogue security software families increase in prevalence around the world, in different languages – be careful out there! Get your software from a trusted source. You've heard it before. It's sound advice we want to pass along.
Here are a couple of other key findings from the report:
- The trojan downloaders and droppers and miscellaneous trojan categories of threat remain the most prevalent threats we see worldwide, making up more than 50% of all malware removed:
- The infection rates for newer operating systems, and later service pack combinations, is significantly better than that of their predecessors:
Infection patterns vary between enterprise and home computer users – enterprise computer users (Forefront Client Security users) encounter more worms in their environment, whereas home computer users (Windows Live OneCare users) encounter more trojan threats:
Here are some resources that Microsoft has created to help you protect yourself from these threats:
Again, use an up to date antimalware product from a known, trusted source, and keep it updated. Be cautious not to follow advertisements for unknown software that pretends to provide protection. Access the sites of the reputable vendors directly for getting information or subscription to their products and services.
If your antimalware software does not include antispyware software you should install a separate program and keep it updated. Windows Defender is included in Windows Vista, and is available as a free download for Windows XP users from http://www.microsoft.com/windows/products/winfamily/defender/default.mspx.
Install a firewall and keep it turned on.
Always run up-to-date software. Enable Automatic Updates in Windows, which will ensure that the latest security updates from Microsoft are downloaded automatically. Periodically check the Web sites of third-party add-on vendors to ensure that you have the latest security updates for their software.
Use caution when you click on links in e-mail or on social networking sites.
More information and guidance on rogue security software can be found at http://www.microsoft.com/protect/computer/viruses/rogue.mspx.
There is lots more data and analysis to be found in the SIR - read more by downloading the SIR and the Key Findings Summary here.
General Manager, MMPC