Microsoft has just released its latest Security Intelligence Report. The report covers the period from January through June 2009. Data used in this report comes from over 450 million computers worldwide, each running Windows. Additional data originates from Windows Live Hotmail and Bing, both busy applications on the Internet.
This report provides a detailed look at the threat landscape. It also provides working guidance for IT professionals to help mitigate these threats. The analysis comes from the three Microsoft Trustworthy Computing Security Centers as well as several Microsoft product groups.
What you get in Volume 7 is an in-depth perspective on malicious and potentially unwanted software. It also covers software exploits, security breaches and software vulnerabilities, both in Microsoft software and in third-party software. The perspectives come from a detailed analysis stemming from the past several years. The current focus is on the first half of 2009.
Infection Rate By Country
These images are part of the wide range of detailed analysis provided by the document, which, by the way, is over 230 pages in length.
Some Key Findings
The following list highlights only some of the findings in the report.
Malicious and Potentially Unwanted Software
In the 1st Half of 2009, worm infections increased and were detected in many countries and regions worldwide.
Operating System Trends
Windows Vista had infection rates that were considerably lower than for Windows XP in all configurations in the 1st Half of 2009.
Analysis of Phishing Sites
Phishing rose significantly in the 1st Half of 2009, due to a large increase in phishing attacks targeting social networking sites.
Geographic Distribution of Phishing Sites
While phishing sites are concentrated in a few geographic locations, they were detected in many places around the world. According to Microsoft, phishing sites were found on every inhabited continent and in 46 of the 50 U.S. states.
FOPE, the Forefront Online Protection for Exchange, blocked 97.3 percent of all messages received at the network edge during the 1st Half 2009, up from 90.0 percent in 2nd Half 08. Overall, FOPE blocked close to 98 percent of all messages received.
Automated SQL Injection Attacks
SQL injection is a technique used to damage or steal data located in databases. It targets databases that use Structured Query Language (SQL), the syntax used to control information storage and retrieval. This technique was observed during the 1st Half 09.
Analysis of Drive-By Download Pages
Drive-by download pages are hosted on compromised legitimate Web sites. Attackers gain access to these legitimate sites through intrusion, or surreptitiously by posting malicious code to a poorly secured Web form, such as a comment field on a blog.
Industry-Wide Vulnerability Disclosures
The total number of unique vulnerability disclosures across the industry dropped sharply in the 1st Half of 2009, down 28.4 percent from the 2nd Half 08.
Microsoft Vulnerability Details for 1st Half 09
In the 1st Half 09, Microsoft announced and released 27 security bulletins. These addressed close to 90 individual vulnerabilities identified in the Common Vulnerabilities and Exposures (CVE) list.
Regional Variations in Update Service Usage
The use of Microsoft online update services varied around the world due to a number of factors. Some had to do with broadband and Internet connectivity, while others involved software piracy and the percentage of computers that were managed in enterprise environments.
Security Breach Trends
For all of the malware and other malicious software that was reported in the 1st Half of 2009, the top category for data loss continued to be stolen equipment, such as laptop computers (about 30 percent of all data-loss incidents reported). This accounted for twice as many incidents as intrusion.