Friday, May 28, 2010



The Microsoft Security Intelligence Report (SIR) has become established as the most comprehensive and detailed examination of the evolving threat landscape. Microsoft is committed to combating online threats and to educating the industry about today’s evolving threat landscape.

Microsoft has released volume 8 of the Microsoft Security Intelligence Report. This volume of the SIR covers the period from 1st July – 30th December 2009 and builds on telemetry and analysis over the past several years.

Although threats and techniques are becoming more sophisticated worldwide, SIR v8 reinforces that observing security fundamentals, like staying up-to-date on the latest security updates and migrating to newer software, can help IT professionals and home users achieve safer, more trusted Internet experiences. The data shows that malware infection rates on Windows 7 and Windows Vista SP2 are 50 percent less than on their predecessor, Windows XP. Key findings include the following information:

  • Data in SIR v8 shows that the techniques used in pursuit of cybercrime continue to mature, mirroring traditional business techniques. Cyber criminals are becoming increasingly sophisticated, financially motivated and organized to turn cybercrime into a business.
  • Security fundamentals and technology innovation are raising the bar on cybercrime – SIR v8 shows that following security fundamentals and migrating away from older technology can successfully mitigate potential attacks. Using the latest versions means you are less likely to be compromised. Installing security updates is the fundamental Internet security best practice, regardless of whether you are using the latest versions or old software.
  • We all need to do more to defend against cybercrime, an industry-wide challenge – SIR v8 shows that software products continue to contain vulnerabilities, and that criminals are showing themselves to be increasingly effective at finding and exploiting them. For instance, a higher proportion of web-based malware exploits succeed against 3rd-party applications rather than the underlying OS or browser, when the OS and browser have been strengthened through security development processes (which I have discussed in the previous issues of Security Focus). Cyber criminals are not going away, but organizations can limit their success by adopting mitigating strategies to protect networks, systems and people. No one individual, company, or technology can solve the security and privacy challenges we face online today. Microsoft encourages the global security and privacy communities, individuals and groups of Internet users and others throughout the industry to work together through a community-based defense approach to help create a safer, more trusted Internet.

In India, we have seen:

  • that the threat landscape was dominated by malware, which accounted for 77.1 percent of all threats detected on infected computers in 2H09.
  • the most common category in India was Worms, which accounted for 20.6 percent of all infected computers.
  • together, Miscellaneous Trojans and Trojan Downloaders & Droppers made up more than 32 percent of all families detected on infected computers in India in the second half of 2009.
  • Four of the eleven most prevalent threats detected in India during the second half of 2009 (Win32/Taterf, Win32/Hamweq, Win32/Conficker and Win32/Autorun) spread via mapped drives with weak or missing passwords, removable media (such as USB drives), or a combination of both.
  • Win32/Renos, the second-most prevalent family in India in the second half of 2009, was also the second-most prevalent threat detected worldwide. Win32/Renos is a family of trojan downloaders that install rogue security software. (Rogue security software — software that displays false or misleading alerts about infections or vulnerabilities on the victim’s computer and offers to fix the supposed problems for a price — has become one of the most common methods that attackers use to swindle money from victims.)
  • Win32/Taterf ranked first in the world and third in India. (Win32/Taterf is a family of worms that spread through mapped drives to steal login and account details for popular online games.)
  • Win32/Ardamax, the fourth-most prevalent family detected in India in the second half of 2009, does not appear in the top 25 families detected worldwide. Win32/Ardamax is a key-logger program that can capture user activity and save it to a text or HTML file. Win32/Ardamax can be configured to send these files via e-mail to a predefined address.

Extract from Microsoft Newsletter.

The complete report can be read here: