Long dismissed as a security scare of the past, Internet worms appear to have made a strong comeback, jumping to take the top two places on Microsoft's latest threat list.
According to Microsoft's latest Security Intelligence Report (SIR) Volume 7, which covers the period from January to June 2009, old-style mass-infection worms have doubled between the second half of 2008 and the first half of this year.
The rise appears to be down to only two main offenders: Conficker and the less well-known but almost as significant Taterf. The well-publicised Conficker showed up 5.217 million times during scans carried out by the company in the first half of this year, with Taterf not far behind on 4.911 million infections. Overall, Trojans are still the top threat type, but no single Trojan achieved numbers as high as either worm, with the nearest, Renos, on 3.323 million infections.
Worms have steadily declined in importance over the last decade, so why the resurgence, and why now?
According to Microsoft UK security head, Cliff Evans, there are two possible explanations - gaming and fashion. Taterf, in particular, is aimed at players of online multi-player games, attempting to steal login credentials. As with all worms, old or new, its most effective weapon is its ferocious ability to spread at great speed, looking for and infecting any drive connected to the host PC, including networked drives.
Evans reckons that more people are playing such games from within business networks than is generally realised, especially if looked at on a global level.
"Things do come and go, in and out of fashion," concedes Evans, which is to say that having tried every other attack type, criminals are perfectly able to return to older methods if they increase the chances of success. "You get something [Conficker and Taterf] that bucks the trend."
On a slightly positive note, the phenomenon of rogue or bogus security software appears to have peaked, with detections down from 16.8 million in the second half of 2008 to 13.4 million in the period covered by SIRv7. It is still the largest category of threat for the first six months of the year, but is on the way down, at least for now.
Do such figures hold much water? Microsoft's figures can probably be trusted. The company draws its statistics by scanning real PCs across the world using its burgeoning empire of online services, including the Microsoft Malicious Software Removal Tool (MSRT), Windows Live OneCare and Windows Defender (now succeeded by the free Security Essentials program), as well as scans of its Bing search engine. The installed base of those tools is huge, and will doubtless increase as the Security Essentials program spreads in popularity.