Trojan downloaders and malware that masquerades as security software are the two fastest growing threats on the Web right now, according an analysis by Microsoft’s Malware Protection Center. In its latest Software Intelligence Report, released on Wednesday, the MMPC found that a Trojan downloader named Renos that installs rogue security software was the most prevalent threat in the second half of 2008, increasing by 66 percent.
Trojan downloaders in general have become a major problem as attackers continue to look for new ways to install malware on vulnerable machines. Microsoft found that these threats accounted for more than half of all of the malware removed by its Malicious Software Removal Tool from July through December of last year.
“The prevalence of rogue security software has increased significantly over the past three periods. Rogue security software uses fear and annoyance tactics to convince victims to pay for ‘full versions’ of the software in order to remove and protect themselves from malware, to stop the continual alerts and warnings, or both,” the report says.
Microsoft pulls the data for the SIR from the results it sees from removals of malware done by the MSRT on millions of PCs, both in the enterprise and in homes. So it’s an interesting data set with a fairly broad sample base.
One other interesting nugget in the report is that only about 41 percent of browser-based exploits on pre-Vista versions of Windows targeted Microsoft products. On Vista, that number drops to about five percent. And both of those numbers have been going down over time. That’s a trend that bears watching.
*Graph from Microsoft Security Intelligence Report