Malicious remote control software continues to be one of the biggest threats to Windows PCs, according to a new Microsoft security report.
More than 43,000 new variants of such insidious software were found in the first half of 2006, making them the most active category of malicious software, Microsoft said in a Security Intelligence Report published on Monday. In June Microsoft also flagged zombies as the most prevalent threat to Windows PCs.
"Attackers, with financial gain in mind, are clearly concentrating a significant amount of development focus on this category of malware," Microsoft said in the report.
Of 4 million Windows PCs found to be infected with some kind of malicious software in the first half of this year, about 2 million were running malicious remote control software, Microsoft said. The data is collected by Microsoft's free Windows Malicious Software Removal Tool, which runs when security updates are installed on Windows PCs.
While the number is high, it is actually a decrease from the second half of 2005, when Microsoft found that 68 percent of infected PCs contained a backdoor Trojan. Meanwhile, hackers are trying harder to make their networks of hijacked computers go unnoticed by moving to new web-based techniques.
A computer compromised by such a Trojan horse, popularly referred to as a zombie PC, can be used by miscreants in a network of bots, or "botnet", to relay spam and launch cyberattacks. Additionally, hackers often steal the victim's data and install spyware and adware on PCs, to earn a kickback from the spyware or adware maker.
Rootkits, which make system changes to hide another piece of possibly malicious software, remain an uncommon threat. There has been a 50 percent reduction in this kind of attack against computers running Windows during the past six months, Microsoft said.
Microsoft introduced the Windows Malicious Software Removal Tool in January last year. An updated version of the program ships monthly with Microsoft's security updates. The tool aims to identify and remove prevalent malicious software from PCs.
Talkback
I do my bit by reporting the more active addresses to the relevant ISP to allow them to notify the PC owner that they are infected. US ISPs are 50/50 with some instantly acting but others ignoring it until threatened.
UK ISPs in general hide their heads and do nothing. The Russians are quite effective, with responses indicating they have "terminated" the user. But until all the ISPs take some responsibility for tracking down and notifying the owners of the infections on their networks, we have no other way of notifying them and so will have this problem for many years to come. This has to start at the top, with RIPE, ARIN, etc. taking responsibility for ensuring the contact details are correct, and there should be a way of blocking the addresses until the contact details are verified.
Have serious doubts that there is any way to prevent this type of intrusion on a "Swiss cheese" OS, like windoze.
Windows is the most common operating system (I don't wish to defend it, please don't flame me) and that is why they are targeted. *nix users also tend to be slightly more clued up to the perils out there compared with the average Windows user. If they were educated slightly more on how to look after a Windows machine (e.g. an up-to-date anti-virus program, a firewall and at least one anti-spyware/adware program) then I think the majority of the problems will go away. Also, if the people who sell the PC in the first place would sit down with the user and explain to them what they need to get hold of to safely connect to the web (not a demo version of the programs) it would help. Also, Steve B is correct: I think the ISPs need to do some filtering on the traffic that is passing through their networks.
If ISPs were charged triple or more for outbound malware/spyware/viral/etc. traffic, the problem would probably be under control sooner rather than later.
Of course, it would also help if ISPs were able to offload their "fines" to vendors that statistically seem to be the main cause of such "super charged" traffic.
Or simply be legally allowed to shut down whatever service to nodes that generate such "super charged" traffic.