New malware scanner finds 5% of Windows PCs infected
Java exploits remain biggest threat to PCs, says Microsoft
Computerworld - One in every 20 Windows PCs whose users turned to Microsoft for cleanup help were infected with malware, Microsoft said this week.
Microsoft cited that statistic and others from data generated by its new Safety Scanner, a free malware scanning and scrubbing tool that re-launched May 12.
The 420,000 copies of the tool that were downloaded in the first week of its availability cleaned malware or signs of exploitation from more than 20,000 Windows PCs, Microsoft's Malware Protection Center (MMPC) reported Wednesday. That represented an infection rate of 4.8%.
On average, each of the infected PCs hosted 3.5 threats, which Microsoft defined as either actual malware or clues that a successful attack had been launched against the machine.
Of the top 10 threats found by Safety Scanner, seven were Java exploits, said Scott Wu and Joe Faulhaber of the MMPC, in a blog post. Wu is a program manager with the MMPC, while Faulhaber is a software engineer.
That finding backs up a recent Microsoft security intelligence report that noted a huge spike in Java-based exploits in the second half of 2010, when the number tracked by Microsoft jumped to nearly 13 million from around 1 million in the first six months of that year.
Microsoft blamed exploits of just two vulnerabilities in Oracle's Java for generating 85% of all Java attacks in the second half of 2010. Not surprising, those same two vulnerabilities ranked No. 1 and No. 6 in the Safety Scanner top 10.
One of the heavily-exploited Java bugs was patched in December 2008 by Sun -- which has since been swallowed by Oracle -- while the other was fixed in November 2009.
Microsoft has sounded the warning about the explosion in Java exploits before. In October 2010, Holly Stewart, another MMPC manager, said the attack volume was "scary" and "unprecedented."
Hacker reliance on Java made sense to Marc Fossi, the director of Symantec's security response team, in an interview last year. "Since Java is both cross-browser and cross-platform, it can be appealing to attackers," he said, referring to Java's use by every major browser, and on Windows, Mac OS and Linux.
Safety Scanner found 2,272 Windows PCs with evidence of an exploit of the most wide-used Java bug, dubbed "CVE-2008-5353" in the Common Vulnerabilities & Exploits database. Of those machines, 7.3% of them also contained the notorious Alureon rootkit, while 5.7% of them had been infected with one of the fake security programs of the "Winwebsec" family.
"By the time a user downloads and runs [Microsoft Safety Scanner] to detect malware, the machine may have already been infected, if it was vulnerable to the exploit at the time," acknowledged Wu and Faulhaber.
Alureon made news in February 2010 when Windows XP systems infected with the rootkit were crippled after a Microsoft security update. And Winwebsec, as Microsoft called the line of phony antivirus software that dupes victims into paying for the worthless program, has been linked to MacDefender, the scareware that's been plaguing Mac users all month.
Safety Scanner, which replaced an older online-only tool, uses the same technology and detection signatures as Microsoft's free consumer-grade Security Essentials antivirus program and its Forefront Endpoint Protection product for enterprises.
The free scanner can be downloaded from Microsoft's site.
Read more about Security in Computerworld's Security Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts