Security intelligence gathered by Microsoft Corp shows a significant increase in rogue security software or ‘scareware’ that lures people into paying for protection that, unknown to them, is actually malware often designed to steal personal information.
According to the latest Microsoft Security Intelligence Report released today, rogue programmes known as Win32/FakeXPA and Win32/FakeSecSen were detected on more than 1.5 million computers.
Win32/Renos, another threat that is used to deliver rogue security software, was detected on 4.4 million unique computers, an increase of 67% over the first half of 2008.
Vinny Gullotto, general manager of the Microsoft Malware Protection Centre, said, “We see cybercriminals increasingly going after vulnerabilities in human nature rather than software.”
He said the security industry needs to combat the next generation of online threats through a community-based defence and broad industry cooperation with law enforcement and the public.
Rogue security software and other social engineering attacks compromise people’s privacy and are costly; some take personal information and tap into bank accounts, while others infect computers and rob businesses of productivity.
Steps can be taken to counter the problem, and the report recommends that security managers always configure computers to use Microsoft Update instead of Windows Update.
They should also use the Microsoft Security Assessment Tool (MSAT) to help assess weaknesses in their IT security environment.
Individuals are warned not to follow advertisements for unknown software that appears to provide protection and should avoid opening attachments or clicking on links to documents in e-mail or instant messages that are received unexpectedly or from an unknown source.
The report also cited the biggest cause of data breaches as lost and stolen computer equipment, which it reckons accounts for 50% of all reported incidents.