More “scareware” – no kidding, right?

April 9th, 2009

It’s a good thing we have Microsoft around to tell us that there is more scareware floating about the web. I published a post on AV360 early in March, but this is hardly the only incarnation of so-called “rogue security software.”

The idea behind scareware is to scare users into registering software (and usually paying for it) to protect themselves from malware infections. Unfortunately, the software for which they are paying is malware itself. No matter how many times I tell people about this problem of nearly epidemic proportions, though, teachers invariably find ways to get themselves infected.

As a number of bloggers and journalists have pointed out, the massive publicity surrounding the Conficker worm has made people hypersensitive to the idea of malware on their computers and more than happy to believe it when apparent security software tells them they’re infected.

Interestingly, according to the report and ChannelWeb,

Also in the report, Microsoft blamed third-party applications — and not Windows — for the majority of the security-related issues in its operating systems.

The Security Intelligence Report found that as software companies have improved the security of their operating systems, attackers have begun en masse to target the application layer. Nearly 90 percent of the reported attacks exploiting vulnerabilities from July to December 2008 were aimed at applications.

What does this mean for us? Obviously it means gateway-level AV is a must, as is client-level AV since so many users take their computers home. More importantly, though, it means that we will be able to rely less and less on Mac and Linux operating systems to ensure security. Cross-platform applications will increasingly make all operating systems vulnerable and malware distributors are finding increasingly creative ways to infect our machines.

The most important message, though? We need to train all of our users, whether teachers, students, or staff. What antivirus are you using in your school? Users need to know that messages from other sources (e.g., not Norton, ClamWin, McAfee, or whatever you’re using) claiming malware infections mean that they should call tech support, not start clicking. Finally,

Meanwhile, researchers say that users should avoid opening attachments or clicking on links in e-mail or IM from unknown or untrusted sources.

It sounds simple, but training is the key here. We are in education, right? We need to educate all of our users on a continual basis.

Christopher Dawson

Christopher Dawson is the technology director for the Athol-Royalston School District in northern Massachusetts. See his full profile and disclosure of his industry affiliations, but always keep in mind that the opinions expressed here are his own and not those of his daytime employer, even if he talks incessantly about his day job.


Fear of viruses could be causing PC attacks: report

April 8th, 2009

By Bill Rigby


SEATTLE (Reuters) – Computer users’ growing fear of worms and viruses could be behind a recent spike in attacks on PCs via bogus security software, according to a Microsoft Corp report published on Wednesday.


As the Conficker worm and other malicious software — known as malware — have grabbed headlines, more computer users have been looking for security programs online, some of which turn out to be agents for viruses themselves.


Out of hundreds of millions of PCs monitored by the world’s largest software maker for its twice yearly Security Intelligence Report, seven of the 25 top security threats came in the form of fake security programs.


In the last six months of 2008, Microsoft said it cleared 4.4 million PCs of the most successful bogus security program, which goes under the name of Win32/Renos.


That is a 67 percent increase over the first half of 2008, said George Stathakopoulos, head of product security at Microsoft’s Trustworthy Computing Group.


Fear of Conficker “could be a part of it,” said Stathakopoulos, explaining the sudden jump in attacks from what Microsoft calls “rogue” security software, or “scareware”.


According to the report, more security-conscious consumers are being tricked by insistent or alarming pop-up warnings into paying for protection which, unknown to them, is actually malware designed to steal personal information.


The phenomenon of “scareware” is a headache for bona fide security software makers such as Symantec Corp, McAfee Inc and Trend Micro Inc.


But these companies in turn have played a role in raising fears about malware such as Conficker, and have reaped a windfall from worried computer users buying their products.


Conficker, a program that works its way into a PC and allows it to be controlled remotely, is believed to have infected millions of PCs, but no significant disruption has yet occurred.


Overall, Microsoft’s report shows that instances of software security problems — what it calls “unique vulnerability disclosures” — actually fell 3 percent in the second half of last year from the first half. But the number defined as “high severity” rose 4 percent.


The report only reflects PCs using Microsoft systems, and does not include Linux operating systems or Apple Inc computers.


The report, and guidance on how to avoid viruses, is available at www.microsoft.com/sir.


(Reporting by Bill Rigby, editing by Leslie Gevirtz)


Microsoft warns of dangerous rise in scareware

April 8th, 2009

Criminals continuing to extort money from vulnerable users

Phil Muncaster

The threat of rogue security software, or ‘scareware’, has risen dramatically over the past year or so, according to a new report from Microsoft, but there was good news for the industry after a fall in the number of vulnerability disclosures.

Scareware is used by criminals to extort money from vulnerable users by persuading them that their PC is at risk or infected, and urging them to buy bogus security software.

The Microsoft Security Intelligence Report Volume 6 claimed that these threats are now among the most prevalent in the computing world.

The report highlighted Win32/FakeXPA and Win32/FakeSecSen, which Microsoft has detected on more than 1.5 million computers, pushing them into the top 10 threats in the second half of the year.

Win32/Renos, meanwhile, which is used to deliver rogue security software, was detected on 4.4 million unique computers, an increase of 66.6 per cent over the first half of 2008.

“The criminals are playing on people’s fears. People are aware of security, and these guys want to prey on that,” said Microsoft security and privacy lead Cliff Evans.

“We are not seeing a whole new attack vector, but things are changing. There is a different emphasis on rogue software now, and a shift from operating system to third-party application vulnerabilities.”

This continuing trend of attacking the application layer means that users should always keep application versions up to date, apply new patches as soon as possible and keep anti-malware software current, Evans advised.

While the “vast majority” of corporates understand the importance of these precautions, education is still required for many consumers who do not understand the value of automatic updates and the like, according to Microsoft chief security advisor Ed Gibson.

“The report shows again that, because of the steps we’re taking to make the operating systems more secure, and working with partners and suppliers to improve their [security] processes, [criminal] organisations are moving towards the weakest link: you and me,” he said.

There was a note of optimism in the report, however. Industry-wide figures for unique vulnerability disclosures were down by 12 per cent from 2007, while high severity vulnerabilities were down 16 per cent.

Graham Titterington of analyst firm Ovum agreed that the drive to improve standards is having an effect on the quality of applications and systems being built.

“To win the battle IT systems need to be engineered to be significantly less vulnerable, and we are making progress on that,” he explained. “Much is being done to improve the standards in the engineering of systems and security products.”

Jay Abbott, threat and vulnerability leader at consultancy PricewaterhouseCoopers, praised Microsoft for the work it had done in improving the security of its products. But he warned that major risks still exist in web applications and browsers.

“People are focused on delivering the product, and security is a secondary problem so the code is often weak,” he said. “Certainly we need better coding practices, but even secure code can have holes picked in it.”

Credit Due: http://www.vnunet.com/vnunet/news/2240101/microsoft-warns-rise-scareware
