New malware scanner finds 5% of Windows PCs infected
Java exploits remain biggest threat to PCs, says Microsoft
Computerworld - One in every 20 Windows PCs whose users turned to Microsoft for cleanup help were infected with malware, Microsoft said this week.
Microsoft cited that statistic and others from data generated by its new Safety Scanner, a free malware scanning and scrubbing tool that re-launched May 12.
The 420,000 copies of the tool that were downloaded in the first week of its availability cleaned malware or signs of exploitation from more than 20,000 Windows PCs, Microsoft's Malware Protection Center (MMPC) reported Wednesday. That represented an infection rate of 4.8%.
On average, each of the infected PCs hosted 3.5 threats, which Microsoft defined as either actual malware or clues that a successful attack had been launched against the machine.
Of the top 10 threats found by Safety Scanner, seven were Java exploits, said Scott Wu and Joe Faulhaber of the MMPC, in a blog post. Wu is a program manager with the MMPC, while Faulhaber is a software engineer.
That finding backs up a recent Microsoft security intelligence report that noted a huge spike in Java-based exploits in the second half of 2010, when the number tracked by Microsoft jumped to nearly 13 million from around 1 million in the first six months of that year.
Microsoft blamed exploits of just two vulnerabilities in Oracle's Java for generating 85% of all Java attacks in the second half of 2010. Not surprising, those same two vulnerabilities ranked No. 1 and No. 6 in the Safety Scanner top 10.
One of the heavily-exploited Java bugs was patched in December 2008 by Sun -- which has since been swallowed by Oracle -- while the other was fixed in November 2009.
Microsoft has sounded the warning about the explosion in Java exploits before. In October 2010, Holly Stewart, another MMPC manager, said the attack volume was "scary" and "unprecedented."
Hacker reliance on Java made sense to Marc Fossi, the director of Symantec's security response team, in an interview last year. "Since Java is both cross-browser and cross-platform, it can be appealing to attackers," he said, referring to Java's use by every major browser, and on Windows, Mac OS and Linux.
Safety Scanner found 2,272 Windows PCs with evidence of an exploit of the most wide-used Java bug, dubbed "CVE-2008-5353" in the Common Vulnerabilities & Exploits database. Of those machines, 7.3% of them also contained the notorious Alureon rootkit, while 5.7% of them had been infected with one of the fake security programs of the "Winwebsec" family.
"By the time a user downloads and runs [Microsoft Safety Scanner] to detect malware, the machine may have already been infected, if it was vulnerable to the exploit at the time," acknowledged Wu and Faulhaber.
Alureon made news in February 2010 when Windows XP systems infected with the rootkit were crippled after a Microsoft security update. And Winwebsec, as Microsoft called the line of phony antivirus software that dupes victims into paying for the worthless program, has been linked to MacDefender, the scareware that's been plaguing Mac users all month.
Safety Scanner, which replaced an older online-only tool, uses the same technology and detection signatures as Microsoft's free consumer-grade Security Essentials antivirus program and its Forefront Endpoint Protection product for enterprises.
The free scanner can be downloaded from Microsoft's site.
Read more about Security in Computerworld's Security Topic Center.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts