PC Malware Infections on the Rise

The Microsoft Security Intelligence Report (SIR) outlines PC security threats and is based on data captured by Microsoft. Here is a download to the latest volume, covering the first half of 2010.

Much of the report covers recent botnets. Botnets start when a virus infects a computer, either through spam or an infected web page. The virus puts the Windows machine under the control of the botnet, typically run by criminal syndicates. The report explains how criminals use and share your information.

Viruses are on the rise. In the three months between April and June 2010, Microsoft cleaned up more than 6.5 million infections, twice as much as the same period in 2009.

This chart shows the number of computers cleaned by Microsoft, listed by country.

This map illustrates the percentage of computers infected in particular regions. The infection rate was highest in South Korea where 14.6 out of every 1000 machines were found to be enrolled in botnets.

Stay Safe

As always, be sure to run Windows Updates and some form of Anti-virus. I prefer the free Microsoft Security Essentials, which I find to be just as effective but less of a memory hog than anti-virus by Symantec or McAfee.

Or you can just use a Mac which has had almost no threats. The only real-world attack that I know of for the Mac was a Trojan-infected version of Apple iWork that you would get from a pirated torrent download site. Besides that, the only Mac threats have been proof-of-concept attacks developed by researchers but never used.

Microsoft Security Essentials 2.0 Beta

My favorite free security software for Windows is Microsoft Security Essentials from Microsoft, the folks who should be protecting their operating system.

Microsoft just came out with a beta of their next version, Microsoft Security Essentials 2.0 featuring:

  • Windows Firewall integration– allows you to turn on or off the Windows Firewall during setup.
  • Enhanced protection from web-based threats – integrates with Internet Explorer to provide improved protection against web-based attacks.
  • New protection engine – offers enhanced detection and cleanup capabilities with better performance.
  • Network inspection system – protects against network-based exploits.

To get the new version, go to the Microsoft Connect site and fill out the beta registration information. Then you’ll see instructions for downloading and installing the beta.

Conficker Arrives

ArmageddonIs it time to buy those boxes of ammo and head for the hills? We’ll see.

This Wednesday, April 1st the Conficker worm will do something. No one knows what. But it has security experts up late. It is believed that at one point Conficker was on 6% of the world’s PCs. This has been reduced dramatically by the work of Microsoft in issuing special patches for the worm. But hundreds of thousands of PCs are still estimated to be infected.

Early this month, Symantec’s security researchers began noticing that the worm was changing in order to avoid steps to interrupt the worm’s links with its hacker controllers. The first versions of the worm generated a list of 250 possible domains each day that could be used to route instructions from hackers. The new edition uses a list of 50,000 URLs in order to overwhelm security researchers.

Typically hackers use large botnets of computers to commit distributed denial of service (DDOS) attacks against websites. The hackers will demand that large websites pay them in order to be spared.

If you are worried about your computers or those of people you love, you can read Microsoft’s alert and my earlier post on how to prevent and remove the virus.

Antivirus XP 2008 Is Bogus

A recent Sterling, Virginia customer got hit by a fake warning that her computer had been infected by a virus. But it was just a pop-up browser window that, when clicked, actually installed malware on her computer. To add insult to injury, the malware installed is called Antivirus XP 2008. So you think it’s there to help you when in fact it IS the infection.

Antivirus XP 2008 shows a list of files that it claims are infected on your computer. See that the icons used are the same as those used by Windows. If you register the “anti-virus” software in an attempt to fix your computer, the bad guys will have your credit card information.

On other computers, I have seen Antivirus XP 2008 installed on the Windows Desktop background so that your wallpaper background always gave you a warning.

This has become a common computer problem. It is an easy scam to fall for because it looks very close to a real Windows warning.

This is an effective social engineering scam because people are scared of viruses and have grown accustomed to following any computer-generated prompts to remove them.

For this particular computer, I booted into Windows Safe mode and ran Malwarebyte’s Anti-malware program which is free for a couple of weeks use. Luckily the infection could be removed. In some cases, the malware can actually take over all administrator rights to the computer and rewrite the operating system to the extent that the only real alternative is to save your personal files and reinstall Windows.

Russian Gang Hijacking PCs

This NY Times article talks about how a gang in a Russian town is using Microsoft administrative tools to infect private and government computers. A few excerpts:

The gang was identified publicly in May by Joe Stewart, director of malware research at SecureWorks, a computer security firm in Atlanta. Mr. Stewart, who has determined that the gang is based in Russia, was able to locate a central program controlling as many as 100,000 infected computers across the Internet.

The system infects PCs with a program known as Coreflood that records keystrokes and steals other information.

“The great thing about this system is that from one computer it is possible to push out updates to all machines in a corporate network at once,” Mr. Stewart said. “This is a useful tool that Microsoft has provided. However, the bad guys said, ‘We’ll just use it to roll out our Trojan to every machine in the network.’ ”

The gang then uses the passwords to access your bank account and transfer out money. Scary stuff.

This only affects Microsoft operating systems, so Macs are safe. In order to protect PCs, I suggest using:

  • hardware firewall (included in routers)
  • Windows Vista or XP with Service Pack 3 (latest)
  • Anti-virus software such as AVG Free or Avast.

If you get infected by something like this Coreflood virus, you should do a complete re-install of your system.