Data released this month from the Microsoft Security Intelligence Report volume 16 (SIRv16) helps us understand which countries/regions encountered the most malware in 2013.
The “encounter rate” is the percentage of computers running Microsoft real-time security software that report detecting malware, or report detecting a specific threat or family, during a period. Most of these encounters are from systems running Microsoft Security Essentials or Windows Defender (on Windows 8). The chart below provides a breakdown of the top 10 locations with the highest malware encounter rates.
Figure 1: The top 10 locations with the highest malware encounter rates between the first quarter of 2013 (1Q13) and the fourth quarter of 2013 (4Q13), with the malware infection rate for each in the fourth quarter of 2013 (4Q13)
In the fourth quarter of 2013, the worldwide average encounter rate was 21.6% and the average malware infection rate (CCM) was 17.8.
Figure 2 below from our Security Intelligence Report helps visualize how these countries/regions compare to the worldwide average. This chart focuses on the top 5 locations with the highest malware encounter rates in the second half of 2013. These locations include Pakistan, Algeria, Indonesia, India, and Vietnam.
Figure 2: Trends for the five locations with the highest malware encounter rates in the second half of 2013
It might be tempting to assume that because these locations had the highest malware encounter rates in the world, they must also have the highest malware infection rates. However, not every encounter results in an infection. Attempts by malware to infect a machine can be blocked by any number of security protection layers. For example:
- Antimalware – Real-time security software may have signatures in place to help detect and block the malware from compromising the system.
- Security Updates – The application, browser and/or operating system may have security updates installed, which can help prevent a vulnerability from being exploited.
- Security Mitigations – Security mitigations such as DEP and ASLR may also be turned on, which can help make it more difficult to exploit vulnerabilities even when no security update exists.
Interestingly, only two of the countries/regions from the top ten encounter list above were listed in the top ten list of countries/regions with the highest malware infection rates in the last quarter of 2013: Algeria and Tunisia.
That said, all of the countries/regions listed in the chart above had malware infection rates (Computers Cleaned per Mille or CCM) above the worldwide average of 17.8 computers cleaned per 1,000 scanned by the Microsoft Malicious Software Removal Tool (MSRT).
Top 10 Threat Encountered Across All Countries/Regions
Rotbrow was a top 10 threat encountered across all the countries/regions in the chart above. Rotbrow is a family of trojans that presents itself as a browser add-on (Browser Protector or Browser Defender). Researchers have observed Rotbrow installing browser add-ons and other malware. It is commonly packaged with malware used to alter browsing behavior and monetize ads. The browser add-on had previously existed as legitimate software without exhibiting malicious behavior. However, in 2013, researchers discovered some versions of the Browser Protector process, called BitGuard.exe, secretly installing Win32/Sefnit, which quietly abuses the compromised system by performing click fraud, and dropping an installer, File Scout, which was determined in April 2014 to be a malicious downloader. Click fraud makes cybercriminals money by using your profile to click on ads from your computer, or by redirecting search results.
Most Prevalent Threats Encountered in 8 out of the 10 Countries
Brantall, Ramnit, Autorun, Sality, Gamarue and CplLnk were highly prevalent threats in the majority of countries/regions above. Interestingly, all these threats except for CplLnk were also found in the top 10 threat families encountered by Microsoft’s real-time antimalware products worldwide. For more information on these threats, I encourage you to download the latest report.
Malware infections can often be mitigated by applying security best practices. Some things computer users can do today to help protect themselves from these threats include:
- Use newer software that provides enhanced protections
- Keep all of the software installed on your system up to date. This includes software from Microsoft, Adobe, Oracle Java, and others.
- When downloading files or software online, make sure you are doing so from a trusted vendor.
- Run up-to-date antimalware
- Think before you click – Don’t click on links or open attachments from untrusted sources.
- Back up your files.