SEATTLE – Computer users' growing fear of worms and viruses could be behind a recent spike in attacks on PCs via bogus security software, according to a Microsoft Corp report published on Wednesday.
As the Conficker worm and other malicious software — known as malware — have grabbed headlines, more computer users have been looking for security programs online, some of which turn out to be agents for viruses themselves.
Out of hundreds of millions of PCs monitored by the world's largest software maker for its twice-yearly Security Intelligence Report, seven of the 25 top security threats came in the form of fake security programs.
In the last six months of 2008, Microsoft said it cleared 4.4 million PCs of the most successful bogus security program, which goes under the name of Win32/Renos.
That is a 67 percent increase over the first half of 2008, said George Stathakopoulos, head of product security at Microsoft's Trustworthy Computing Group.
Fear of Conficker "could be a part of it," said Stathakopoulos, explaining the sudden jump in attacks from what Microsoft calls "rogue" security software, or "scareware".
According to the report, more security-conscious consumers are being tricked by insistent or alarming pop-up warnings into paying for protection which, unknown to them, is actually malware designed to steal personal information.
The phenomenon of "scareware" is a headache for bona fide security software makers such as Symantec Corp, McAfee Inc and Trend Micro Inc.
But these companies in turn have played a role in raising fears about malware such as Conficker, and have reaped a windfall from worried computer users buying their products.
Conficker, a program that works its way into a PC and allows it to be controlled remotely, is believed to have infected millions of PCs, but no significant disruption has yet occurred.
Overall, Microsoft's report shows that instances of software security problems — what it calls "unique vulnerability disclosures" — actually fell 3 percent in the second half of last year from the first half. But the number defined as "high severity" rose 4 percent.
The report only reflects PCs using Microsoft systems, and does not include Linux operating systems or Apple Inc computers.
The report, and guidance on how to avoid viruses, is available at http://www.microsoft.com/sir.