Microsoft today released the seventh volume of the Microsoft Security Intelligence Report (SIRv7), which indicates that worm infections in the enterprise rose by nearly 100 percent during the first half of 2009 over the preceding six months. Rogue security software remains a major threat to customers; however, 20 percent fewer customers were affected by rogue infections during the past six months.
In addition, the Zlob family of trojans, considered a top threat two years ago, has drastically declined due to Microsoft?s work to aggressively clean customer machines and customers? diligence in applying software updates.
SIRv7 provides a deep, accurate view of the threat landscape country by country. For the first time, this report shares security best practices from countries that have consistently exhibited low malware infection. These best practices and security intelligence provide a valuable resource for business leaders who need to make accurate decisions based on the threats that are most pressing today.
Top Global Trends
Ten years after Melissa appeared and defined mass-mailing worms as a class of malicious threats, worm infections have resurged to become the second most prevalent threat for enterprises in the first half of 2009. Worms rely heavily on access to unsecured file shares and removable storage volumes, both of which are plentiful in enterprise environments. According to SIRv7, the following were the top two families detected:
?Conficker was the top worm threat detected for the enterprise, because its method of propagation works more effectively within a firewalled network environment. Conficker is not in the top 10 for consumers, because home computers are more likely to have automatic updating enabled. This further reiterates the need for enterprises to have a robust security update management program in place.
?Taterf, with detections up 156 percent since the second half of 2008, targets massively multiplayer online role-playing games (MMORPGs). These attacks rely less on social engineering to spread, and more on access to unsecured file shares and removable storage volumes ? both of which are often plentiful in the enterprise. Taterf?s impressive growth underscores the need for organizations to develop guidelines for removable drives (such as thumb drives) and evaluate how connections are made to outside machines.
According to the report, rogue security software remained the single largest threat category for the first half of 2009. In addition, while there has been progress combating rogues, this threat remained a major pain point for computer users during the same period. Also known as ?scareware,? rogue security software takes advantage of customers? desire to keep their computer protected. Microsoft products and services removed malware from more than 13 million computers worldwide, down from 16.8 million in the second half of 2008. Computer users are advised to use an anti-malware solution from a company they trust and to keep its threat definitions up to date.
In contrast, the report highlights the significant decrease in Zlob disinfections, from 21.1 million at its peak in 2007 to 2.3 million in the first half of 2009 ? a remarkable tenfold decrease.
Global Best Practices
Infection rates and threats vary geographically, and SIRv7 contains proven best practices from countries with the lowest infections. For example, infection rates in Japan, Austria and Germany remained relatively low during this period. Following is insight into how professionals from these regions keep their customers and resources safe from cyber threats:
?Japan has seen its infection rates remain relatively low. One of the reasons is due in large part to collaborations such as the Cyber Clean Center, a cooperative project between Internet service providers (ISPs), major security vendors and Japanese government agencies to educate users.
?Austria has implemented strict IT enforcement guidelines to lower piracy rates, and this ? along with strong ISP relationships and fast Internet lines, which aid in security update deployment ? has helped ensure its generally low infection rate.
?Germany has also leveraged collaboration efforts with its computer emergency response team (CERT) and ISP communities to help identify and raise awareness of botnet infections and, in some cases, quarantine infected computers.