A Microsoft security report sheds light on threats including document file format attacks, the differences in malware affecting home and business computers, and phishing. But rogue security software, (a.k.a. “scareware”) is becoming a cause of major concern.
The reports says rogue software lures users into paying for protection that, unknown to them, is actually malware offering little or no real protection, and is often designed to steal personal information.
The Microsoft Security Intelligence Report shows that such programs are now among the top threats around the world. For example, two rogue families, Win32/FakeXPA and Win32/FakeSecSen, were detected on more than 1.5 million computers by Microsoft software, catapulting them into the top 10 threats in the second half of the year.
In addition, Win32/Renos, a threat that is used to deliver rogue security software, was detected on 4.4 million unique computers, an increase of 66.6% over the first half of 2008.
It says rogue security software and other social engineering attacks such as these compromise people’s privacy and are costly; some take personal information and drain bank accounts, while others infect computers and rob businesses of productivity.
The report says lost and stolen equipment, not computer hacking, continues to be the most common cause of security breaches resulting in data loss publicly reported in the second half of 2008, totaling 50% of reported incidents. To mitigate this threat, organizations must implement strong data governance practices to help protect data from criminal access, it suggests.