Fake security tools still big threat, worms on the rise

TheNo. 1 offender to Canadian’s PCs in the first half of 2009 was Win32/ZangoSearchAssistant, adware that victims probably don’t even know hit them, according to a recent security report from Microsoft Corp.

ZangoSearchAssistant tricks unsuspecting users into downloading it in the guise of improving search results and producing related links based on user-specific keywords, explained Mohammad Akif, security and privacy lead with Microsoft Canada Co.

“You might think what a stroke of luck, I was just searching for Michael Jackson earlier, and now this offer is popping up,” said Akif. But in reality, the related links are companies in ZangoSearchAssistant’s network.

Most of the Top 25 security threats listed in the seventh version of the Microsoft Security Intelligence Report (SIRv7) are consumer threats, but those of importance to the enterprise include ASX/Wimad and Win32/Renos, said Akif.

Both Trojans, Wimad and Renos have had a presence in the enterprise for some time, as have others, said Akif. “That is the biggest category from an enterprise perspective,” he said.

Wimad, for instance, positions itself as a Windows media file, tricking users into downloading it.

SIRv7 also reported that worm infections rose by nearly 100 per cent compared to the preceding six months, thanks to Conficker and Taterf.

While spikes in infection rates are normal when new attacks are launched, they are usually just a “small bump,” said Akif. “This is a little bit unusual,” he said.

Akif added that the fact that these two worms spread as quickly and effectively as they did is a testament to the strength of these types of threats.

Conficker can spread through an enterprise that didn’t have appropriate security rules in place, said Akif. Taterf, spreading primarily through the online gaming community, could still infect enterprises if the child of an employee had an infected PC from playing online games, and transferred infected files to the parent’s PC, who then transferred them to work, said Akif.

SIRv7 also indicates that rogue, or fake, security software remains a major threat, although infections did drop by 20 per cent in the past six months.

“All over the world, it has become the No. 1 threat,” said Akif.

There were 16.8 million infections in 2008 compared to 13.4 million in the last six months. But rogue security software is morphing, becoming more sophisticated in how it attacks, said Akif. It’s more difficult to identify now because they do things like latch on to free software.

While rogue security software is typically not a huge pain for large enterprises with security policies in place, Akif said resource-constrained small to medium businesses are an easy target.

According to Toronto-based security consultant, Brian O’Higgins, rogue security software is particularly crafty because it preys on a combination of fear and training.

“People have been trained to be concerned about security, and when a pop-up comes on that claims your machine is at risk, they are willing to install the software,” said O’Higgins.

Moreover, advertisements for scareware find their way to reputable sites after the malware distributors have successfully worked around search engine optimizations, said O’Higgins.

But while some scareware actually does remove malware, said O’Higgins, they are created to be difficult to remove because they can’t be uninstalled unless the user pays a removal fee.

Related Download
A Guide to Print Security for Canadian Organizations Sponsor: HP
A Guide to Print Security for Canadian Organizations
IT security vulnerabilities are a growing cause for concern for organizations trying to protect their data from printer breaches.
Register Now