The Internet holds great opportunity, but as cybercrime evolves it can be difficult to know how to stay protected. For example, the newest Microsoft Security Intelligence Report version eight (SIRv8) released today reveals that cybercrime continues to mature and adopt more traditional business techniques. As businesses continue a gradual migration toward cloud computing, bot herders in the malware community have adopted their own version of cloud computing – a “black cloud” built on global networks of compromised computers to install spyware, spread malware and spam around the world. Moreover, malware kits are developed, released, and updated just like legitimate products – complete with advanced features and minor releases to improve kit effectiveness.
SIRv8 is the most comprehensive intelligence document our team has published to date. The report incorporates data from 500 million systems, providing insight into threat trends in 26 countries. We originally created the SIR to help protect people from Internet-based criminals and attackers. The SIR provides information that helps customers and partners better understand the problem of malicious software, so they can take appropriate action.
It’s worth noting that all attacks are not created equally. Home users remain the most susceptible to infected malware and socially engineered threats, such as advertisements and personal assistance sites. Worms such as Win32 Conficker are still the top threat to business, using propagation methods that work well within internal networks. Spam messages associated with advance-fee fraud ( “419 scams”) and gambling increased significantly in 2H09, and we found that 90 percent of all botnet (those hacked networks) spam originates from just five botnets.
The telemetry data in SIR has shown consistently that the lowest infection rates are seen on computers running Windows Vista SP2 and Windows 7. Infection rates for both operating systems are less than half the infection rate for computers running Windows XP. Also, analyzing the attacks in affected Office program installations, we found that most attacks affected Office 2003 users who had not applied a single service pack or other security update since the original release of Office 2003 in October 2003.
So what can enterprises and individuals do to defend against the latest malware? Keeping current is essential. Use products developed with security in mind, install good anti-malware solutions, and make certain you are applying the latest software updates.
Finally, in this latest volume we introduced a section based on customer request called “Mitigation Strategies for Protecting Networks, Systems, and People.” This guidance section was developed by Bret Arsenault, Microsoft Chief Information Security Officer and it provides insight on how Microsoft implements our own defense in depth approach to security. We hope you find it valuable and applicable to your systems.
No one individual, company or technology can protect against malware alone. For more information on potential threats today and what you can do, I invite you to visit the SIR website to read SIRv8 and watch the new video, and frequently visit our MMPC site for current threat information.
General Manager, Microsoft Malware Protection Center