Microsoft: Scareware, Pdf Exploits Rise


Recommended Posts

April 8, 2009 12:01 AM PDT

Microsoft: Scareware, PDF exploits rise

by Elinor Mills

The use of scareware and exploits that take advantage of common file formats like PDF, Excel and Word rose in the second half of last year as online scammers realized people are getting smarter about recognizing spam and phishing e-mails, according to a Microsoft security report to be released on Wednesday.

There was a significant increase in rogue security software, which falsely informs people they need to buy security software and instead either does nothing or steals personal information, the Microsoft Security Intelligence Report found.

Two rogue malware families--Win32/FakeXPA and Win32/FakeSecSen-- were detected on more than 1.5 million computers, pushing them into the list of top 10 threats in the second half of 2008. One rogue application, dubbed Win32/Renos, was found on 4.4 million computers, showing growth of nearly 70 percent over the first half of the year, according to the report issued twice a year.

Microsoft and the Attorney General's office in Washington state filed a handful of lawsuits against alleged scareware companies last year.

Meanwhile, the total number of unique vulnerability disclosures dropped 3 percent during the second half of last year and was down 12 percent for the year from the prior year. The proportion of vulnerabilities disclosed in operating systems continued to decline, to 8.8 percent, while 4.5 percent affected browsers and 86.7 percent affected applications and other software.

During the second half of 2008, Microsoft released 42 security bulletins addressing 97 vulnerabilities, a 67 percent increase over the first half of the year. For the full year, the company released 78 security bulletins addressing 155 vulnerabilities, up nearly 17 percent from 2007.

Microsoft software accounted for 6 of the top 10 browser-based vulnerabilities attack on computers running Windows XP in the second half of last year, while there were none for computers running Windows Vista.

The most frequently exploited holes in Office were also some of the oldest, with more than 91 percent of attacks exploiting a single vulnerability for which a security fix had been available for more than two years.

Details - CNET News http://news.cnet.com/security/

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...