I just got back to Redmond after spending the last couple of weeks touring several locations in Asia, where I was briefing customers and partners on the key findings of the Microsoft Security Intelligence Report volume 10 (SIRv10). As I mentioned in a past post on SIRv10, it contains a detailed analysis of threats in 117 locations around the world.
Some malware threats are global and appear in many regions around the world, but many others are highly regionalized and are only prevalent in a handful of regions. There are some interesting differences in the mix of threats we observed in different regions in Asia that I had a chance to discuss with customers and partners while I was there.
For example, the SIRv10 data below shows that for every 1,000 systems scanned by the Malicious Software Removal Tool (MSRT) in Malaysia in Q1 of 2010, the tool cleaned 7.6 systems infected with malware. This number trended downward during the year, as did the worldwide average. The number of phishing sites per 1,000 hosts observed during the year trended up significantly. Worms, miscellaneous potentially unwanted software, and backdoors were found in significantly higher quantities in Malaysia than the worldwide averages for these threat categories.
Figure 1: (left) SIRv10 data points for Malaysia; (right) Regional threat categories in Malaysia observed in the 4th quarter of 2010
The same data set for Korea gives you an idea of how regions can differ in terms of the mix of threats found. The infection rate for Korea is significantly higher (4.5 times higher) than that of Malaysia, with 34.4 systems cleaned by the MSRT for every 1,000 scanned in the first quarter of 2010. In addition, the number of malware hosting sites per 1,000 hosts is 250 times larger in Korea than in Malaysia.
Figure 2: (left) SIRv10 data points for Korea; (right) Regional threat categories in Korea observed in the 4th quarter of 2010
Of course, this data is just a starting point – local governments and law enforcement, in partnership with Microsoft and the rest of the industry, need to understand why these differences exist and work to reduce both global and regional threats.
Director, Product Management
Trustworthy Computing Communications