Click to enlarge. Credit: Microsoft.

Internet worms experienced a resurgence in the first half of 2009 -- almost doubling in volume over the previous six months, according to a new Microsoft report. At the same time, there was a decrease in rogue security software, malicious programs that pop up and infect computers under the guise of removing viruses and spyware.

Those are among the findings released this morning by Microsoft in its seventh Security Intelligence Report, which compiles data and spotlights trends gleaned from the company's Malicious Software Removal tool, scanned Hotmail messages, Windows Live Messenger trends, and other programs offered by the Redmond company.

Worms can propogate by themselves, spreading across the Internet by exploiting software vulnerabilities, as opposed to Trojan dowloads and other exploits that require the user to take a specific action such as clicking on a dialogue or visiting an infected site. Worms rose to become the second most common type of threat in Microsoft's latest report, compared with a previous fifth-place ranking for the second half of last year.

High-profile examples include the Conficker worm, which has infected millions of Windows PCs since it surfaced late last year, giving the people behind it potentially malicious connections into computers around the globe. Information about detecting and removing the Conficker worm is available on this Microsoft site.

Microsoft has long been criticized for the lackluster security of Windows and other products, but improvements in its software development process have helped noticeably in recent years. Among other things, better Windows security contributed to a reduction in the prevalence of worms in recent years, prior to this latest report, said Jeff Williams, principal group program manager in Microsoft's Malware Protection Center.

"We see in this resurgence not only that the prevalence is much higher than it has been in previous periods, but that the mechanism for it to propogate has changed, as well," Williams said in an interview. "The vulnerability that something like Conficker used was more difficult to find, more difficult to exploit.

"But what this shows us is that the criminals are investing energy and expertise," he added. "It's clear from the developments around some of these different worms -- watching them change over time -- that there are criminal enterprises that are operating in a traditional, corporate-like fashion, where they have a release cycle and they have progressive development that adds new functionality over time."

Microsoft's recommendations include downloading and installing regular security updates, and running security software. The company also says corporate IT departments such develop policies for file sharing and removable drives that can make malware spread more easily. Download the full report on this Microsoft page.