Microsoft Warns Against Rising Scareware Threat

In a recent Security Intelligence Report, Microsoft revealed that scareware threats are steadily climbing. The report, which covers the second half of 2008, finds that fake security software is becoming more and more prevalent as people head online in greater numbers.

Scareware isn't your traditional malicious software. It's not simply a virus or malware, but can lead to those kinds of infections. Instead, scareware is a more sinister kind of threat -- it pretends to be security software willing and able to "repair and protect" a user's system, but is in fact just a farce.

Most scareware programs don't do anything to help improve the security of a user's computer, even though they are designed to shock users with sensationalist error pop-ups, warning that their system is teeming with "infections."

Fear and Annoyance Tactics

Microsoft's report sums up scareware's threat nicely. "Rogue security software uses fear and annoyance tactics to convince victims to pay for 'full versions' of the software in order to remove and protect themselves from malware, to stop the continual alerts and warnings, or both," it reads. (Source: informationweek.com)

In the worst case scenarios, the programs people download in hopes of repairing their system can actually infect it. Microsoft's report found that two rogue software infections in particular had a dramatic effect on users duped into downloading scareware: Win32/FakeXPA and Win32/FakeSecSen. The pair were found on some 1.5 million computers, making them serious threats in 2008. (Source: cnet.com)

Cause of Security Breaches

The report also discusses several other interesting finds, none more fascinating than the primary cause of security breaches late last year.

Microsoft finds that about half of breaches were caused when people misplaced their notebooks or had their hardware stolen. Most would expect massive hacking schemes to be responsible for the bulk of data loss.

Finally, there's unsurprising discovery that most security breaches in the latter half of 2008 could have been prevented. "Over ninety-one percent of attacks examined exploited a single vulnerability for which a security fix had been available for more than two years."