Infosec 08: Microsoft says trojans a major threat

gallery

The financial threat of malware in the UK is of serious concern, with trojans the tool of choice, according to the results of Microsoft's twice-yearly Security Intelligence, released at Infosec 2008 in London today.

More than half (51 per cent) of malicious software were trojan downloaders, and 30 per cent were trojans. This was significant in terms of the present threat compared to five or six years ago, according to Vinny Gullotto, general manager of the Microsoft Malware Protection Centre.

"Today, money is clearly the motivator," said Gullotto. "The two pieces of code are primarily generated to infiltrate someone's system and to try and take advantage of it."

The Security Intelligence Report is Microsoft's in-depth look at software vulnerabilities, exploits, malicious and unwanted software from the last few years but with a particular focus on the second half of 2007.

Malware was found using the Microsoft Malicious Software Removal Tool (MRST), which discovered that the amount of malware removed had increased by over 40 per cent during the second half of 2007.

The report showed a 300 per cent increase worldwide in the number of trojan downloaders and droppers detected and removed during the second half of 2007. This increase was vastly larger than in the same period a year before.

Microsoft said that trojan downloaders were now clearly the tool of choice for some attackers. The most prevalent rogue security software during the second half of 2007 was Win 32/Winfixer, with more than five times as many detections as any other single family.

"If you take a look at the trojan and trojan downloaders, in there are embedded bots, which can be disguised as trojans," said Gullotto.

"Those trojans turn into bots, those bots download adware, this gets installed - it's a vicious cycle. The thing to keep in mind is that the technology used to detect and remove them is essentially the same."

Gullotto said that it was vital to get anti-malware technology and to do regular updates and scans, because there were so many ways to get infected online.

He also said that although not all unwanted software like adware is malicious in nature, it is still used to track the online behaviour of people.

"When you look at machines that are compromised with a trojan or a downloader and data is extracted from somebody, this can be sold on the black market," said Gullotto.

"Passwords, credit card information, ID numbers of some sort. We've all heard of identity theft. Those are some of the things people need to be aware of."

For more Infosec 2008 coverage, see IT PRO's roundup page here.

Email to a friend

Print this page