Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

New malware scanner finds 5 per cent of Windows PCs infected

Java exploits remain biggest threat to PCs, says Microsoft

One in every 20 Windows PCs whose users turned to Microsoft for cleanup help were infected with malware, Microsoft said this week.

Microsoft cited that statistic and others from data generated by its new Safety Scanner, a free malware scanning and scrubbing tool that re-launched May 12.

The 420,000 copies of the tool that were downloaded in the first week of its availability cleaned malware or signs of exploitation from more than 20,000 Windows PCs, Microsoft's Malware Protection Center (MMPC) reported Wednesday. That represented an infection rate of 4.8 per cent.

On average, each of the infected PCs hosted 3.5 threats, which Microsoft defined as either actual malware or clues that a successful attack had been launched against the machine.

Of the top 10 threats found by Safety Scanner, seven were Java exploits, said Scott Wu and Joe Faulhaber of the MMPC, in a blog post. Wu is a program manager with the MMPC, while Faulhaber is a software engineer.

That finding backs up a recent Microsoft security intelligence report that noted a huge spike in Java-based exploits in the second half of 2010, when the number tracked by Microsoft jumped to nearly 13 million from around 1 million in the first six months of that year.

Microsoft blamed exploits of just two vulnerabilities in Oracle's Java for generating 85 per cent of all Java attacks in the second half of 2010. Not surprising, those same two vulnerabilities ranked No. 1 and No. 6 in the Safety Scanner top 10.

One of the heavily-exploited Java bugs was patched in December 2008 by Sun -- which has since been swallowed by Oracle -- while the other was fixed in November 2009.

Microsoft has sounded the warning about the explosion in Java exploits before. In October 2010, Holly Stewart, another MMPC manager, said the attack volume was "scary" and "unprecedented."

Hacker reliance on Java made sense to Marc Fossi, the director of Symantec's security response team, in an interview last year. "Since Java is both cross- browser and cross-platform, it can be appealing to attackers," he said, referring to Java's use by every major browser, and on Windows, Mac OS and Linux.

Safety Scanner found 2272 Windows PCs with evidence of an exploit of the most wide-used Java bug, dubbed "CVE-2008-5353" in the Common Vulnerabilities & Exploits database. Of those machines, 7.3 per cent of them also contained the notorious Alureon rootkit, while 5.7 per cent of them had been infected with one of the fake security programs of the "Winwebsec" family.

"By the time a user downloads and runs [Microsoft Safety Scanner] to detect malware, the machine may have already been infected, if it was vulnerable to the exploit at the time," acknowledged Wu and Faulhaber.

Alureon made news in February 2010 when Windows XP systems infected with the rootkit were crippled after a Microsoft security update. And Winwebsec, as Microsoft called the line of phony antivirus software that dupes victims into paying for the worthless program, has been linked to MacDefender, the scareware that's been plaguing Mac users all month.

Safety Scanner, which replaced an older online-only tool, uses the same technology and detection signatures as Microsoft's free consumer-grade Security Essentials antivirus program and its Forefront Endpoint Protection product for enterprises.

The free scanner can be downloaded from Microsoft's site.

Read more about security in Computerworld's Security Topic Center.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: Linux, Microsoft, MPC, Oracle, Symantec, Topic
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: Microsoft, operating systems, oracle, security, software, Windows
Latest Blog Posts
Whitepapers
  • Seven SOA Practices to Unlock Business Value
    The fact is that companies are increasingly using SOA to gain competitive business advantage. Distilled down to seven essential SOA practices, the following list enables IT professionals to tightly align SOA investments with their organization’s business priorities. Using these practices can help with driving competitive advantage and adding measurable business value...and that’s a sure way for IT pros to win recognition and ongoing support within their companies.
    Learn more »
  • Collaborative software delivery: Managing today’s complex environment to improve software quality
    IBM Rational Team Concert software can help simplify, automate and govern the delivery process. Based on the open standards Jazz platform, it offers a lean collaborative application life cycle management (ALM) solution with integrated planning, work-item tracking, version control, build management and reporting.
    Learn more »
  • HP Imaging and Printing Services
    According to Gartner, a major focus for organisations today and in the foreseeable future is shifting from cost reduction to growth, expansion, innovation, and operational excellence. If your organization is serious about driving growth and innovation and improving customer experiences, you’ll find that a well-managed imaging and printing environment is key to these goals. A growing number of organizations are turning to services as a means of integrating imaging and printing into their overall IT infrastructure strategies. It may be one of the fastest ways to continue to drive down costs, fund innovation, and prepare your organisation to capitalise on future opportunities. Read more.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments