Microsoft’s Report – Increase in Scareware and PDF Exploits

Semi-annual Security Intelligence Report of Microsoft, released on April 8, 2009, states that scareware and other malicious techniques which exploit common file formats like Excel, PDF and Word increased in the later half of 2008 as cyber criminals acknowledged that Internet users are becoming smarter on recognizing phishing e-mails and spam.

Scareware, as per security experts, is referred to rogue security applications. It usually offers a free scanning of the user's PC that gives false information to the user of his PC being infected. This program, once installed, renders the security applications ineffective against the malicious codes. According to security experts, the designers of scareware make huge profits.

The two Trojan programs namely Win32/FakeSecSen and Win32/FakeXPA, veiling as security software programs on over 3 Million computers worldwide in the later half of 2008, enabled their authors to earn huge profits, as per the Security Intelligence Report of Microsoft.

The findings of the Microsoft's report are actually backing the debate that was raised by Alex Stamos, Partner and Co-Founder of software security firm ISEC Partners towards the start of April 2009 at the Web 2.0 Expo. The debate focused on the Internet being very dangerous for technically primitive people.

According to Stamos, normal people could not use the Internet safely, as reported by InformationWeek on April 8, 2009. He expressed his view by saying that majority of people are not in a mindset to take technical decisions crucial to the safe use of Internet.

Moreover, during July-December 2008, Microsoft relayed 42 security bulletins addressed at 97 vulnerabilities, 67% up as compared to the first half of 2008. Overall, in 2008, Microsoft released 78 security bulletins that were addressing 155 flaws, nearly 17% up from 2007. Thus, there was an increase in the total number of exploits in 2008 and this means more malicious content could be downloaded, according to Microsoft's report.

Attackers also exploited vulnerabilities in third-party software from vendors like Adobe, whose PDF reader is among the most widely used readers in the world. In 2008, several vulnerabilities were found associated with Adobe Reader. Microsoft revealed that the attacks targeted at PDF in July 2008 were more than twice the number of attacks faced by PDF during January-June 2008.

Related article: Microsoft Patches Live OneCare to Tackle Quarantined E-Mails

» SPAMfighter News - 4/13/2009