Security Intelligence Report v10 – A Deeper Look at Asia Regional Trends

I just got back to Redmond after spending the last couple of weeks touring several locations in Asia, where I was briefing customers and partners on the key findings of the Microsoft Security Intelligence Report volume 10 (SIRv10). As I mentioned in a past post on SIRv10, it contains a detailed analysis of threats in 117 locations around the world.

There are global malware threats that we see appear in many regions around the world, but there are also many threats that are highly regionalized that only prevalent in a handful of regions. There are some interesting differences in the mix of threats we observed in different regions in Asia that I had a chance to discuss with customers and partners while I was there.

For example, you can see from the SIRv10 data below for every 1,000 systems scanned by the Malicious Software Removal Tool (MSRT) in Malaysia in Q1 of 2010, it cleaned 7.6 systems infected with malware. This number trended downward during the year as did the worldwide average. The phishing sites per 1,000 hosts that were observed during the year trended up significantly. Worms, miscellaneous potentially unwanted software and backdoors were found in significantly higher quantities in Malaysia than the world wide averages for these threat categories.

Figure 1: (left) SIRv10 data points for Malaysia; (right) Regional threat categories in Malaysia observed in the 4th quarter of 2010

clip_image002 clip_image004

The same data set for Korea gives you an idea of how regions can differ in terms of the mix of threats found. The infection rate data for Korea is significantly higher (4.5 times higher) than Malaysia, with 34.4 systems cleaned by the MSRT for every 1,000 scanned in the first quarter of 2010. In addition, the malware hosting sites per 1,000 hosts is 250 times larger in Korea than Malaysia.

Figure 2: (left) SIRv10 data points for Korea; (right) Regional threat categories in Korea observed in the 4th quarter of 2010


The data sets for other locations in Asia, such as Hong Kong and China, illustrate similar differences.

Of course this data is just a starting point – local governments and law enforcement, in partnership with Microsoft and the rest of the industry need to understand why these differences exist and work to reduce both global and regional threats.

Tim Rains
Director, Product Management
Trustworthy Computing Communications

About the Author
Tim Rains

Chief Security Advisor, Microsoft Worldwide Cybersecurity & Data Protection

Tim Rains is Chief Security Advisor of Microsoft’s Worldwide Cybersecurity & Data Protection group where he helps Microsoft’s enterprise customers with cybersecurity strategy and planning. Formerly, Tim was Director Cybersecurity & Cloud Strategy in Trustworthy Computing at Microsoft, where he Read more »