Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

Microsoft Security Intelligence Report – July to December 2007

May 5th 2008 in Uncategorized

I have been reading through the Microsoft Security Intelligence Report covering the period July through to December 2007 over the past few days.  Although the bulk of the report focuses on security vulnerabilities, there are statistics specific to “rogue security software” (aka fraudware) and “potentially unwanted software” that I found interesting:

  • The most prevalent rogue security software detected in the second half of 2007 was Win32/Winfixer, with more than five times as many detections as any other single family.  The report notes that “many of the more prevalent malware families rely on social engineering tactics that trick the user into taking action that bypasses or lessens the effectiveness of the user’s existing protection”.  I’m hoping as time goes on that I will see fewer “get Firefox” or “get a Mac” comments in response to reports of various fraudware outbreaks, as people come to realise that such responses do not address the base problem of social engineering.

  • The most prevalent malware family (as distinct to rogue security software) was Win32/Zlob, being removed more than 3 times as often as the second half of 2007 (and from twice as many computers) as any other individual malware family.  Often disguised as a media codec (there’s that social engineering again), Zlob uses pop-up advertisements and fake security alerts to encourage the victim to install, you guessed it, rogue security software.

  • The second most prevalent malware family was Win32/Renos.  Renos, like Zlob, is used to install rogue security software.  Renos was found to have infected 79% more distinct computers during the second half of 2007 than was detected during the first half of the year.

  • The top potentially unwanted software family detected in the second half of 2007 was Win32/Hotbar (which, ironically, I have seen advertised via the Windows Live Messenger advertising pane).  Win32/Hotbar was in 4th place during the first half of the year.

  • 129.5 million pieces of potentially unwanted software were detected between July 1 and December 31 2007, resulting in 71.7 million removals.  This is an increase of 66.7% in total detections and 55.4% in removals over the first half of 2007.

  • Adware remains the most prevalent category of potentially unwanted software in the second half of 2007, an increase of more than 66%, from 20.6 million detections to 34.3 million detections.

  • The most infected country/region in Europe is Albania; the least infected country/regions in Europe are Austria and Finland.  In the Asia-Pacific region the most infected countries/regions are Mongolia and Vietnam and the least infected Taiwan and Japan.

  • When prompted about rogue security software, nearly 60 percent of users choose to remove it immediately, with a large proportion of the rest choosing to quarantine the software (I admit to not understanding why only 60% of users are removing rogue security software).

It should be noted with regards to points 3, 5 and 6 that some of the increase can be attributed to an increase in the number of computers running Microsoft’s detection and removal tools, and “changes in the distribution practices for different pieces of potentially unwanted software [that] can have an effect on how many people are exposed to it and how often, and how they tend to respond to alerts raised about the software”.

You can get your own copy of the Microsoft Security Intelligence Report at this URL:


Comments are closed.

As irritating as it may be to have to approve every comment to this blog, and as disheartening as it is to know that the cretins behind spam are using tools that maximize output whilst minimizing personal effort, I still derive pleasure from seeing them screw up.
Spyware Sucks was hit by a spike in spam […]

Previous Entry

You will be unable to remove IE8 Beta or IE7 after installing Windows XP SP3 because Microsoft wants to make sure that you do not encounter a problem commonly known as “DLL Hell”.
IE8 Beta 1 users
You will NOT be offered Windows XP SP3 unless and until you remove IE8 Beta 1.  This is because if you install  windows XP SP3 […]

Next Entry