One of the Microsoft Malware Protection Center’s (MMPC) goals is to share the valuable data, insights and expertise we have with customers on a regular basis in an effort to help customers better understand the changes occurring in the threat landscape and improve their defenses accordingly. We just released the third volume of our threat report, called the Security Intelligence Report (SIR). The SIR shares the conclusions drawn by our research team using data gathered from the Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Windows Live OneCare, Windows Live OneCare safety scanner, Exchange Hosted Services, and Forefront Client Security (FCS). The net result is threat-related data from several hundred million Windows-based systems.
The MMPC partners with several groups within Microsoft to make the SIR a unique threat report. The Microsoft Security Response Center (MSRC), the Trustworthy Computing (TwC) group and numerous product groups all contribute to the report. In this volume of the SIR, the MSRC has written a couple of sections on software vulnerability disclosures and exploits. Here’s an example of one observation by the MSRC: The number of disclosed vulnerabilities across the software industry continues to climb, with more than 3,400 new vulnerabilities disclosed in 1H07. But according to the data we’ve gathered, this number actually represents a decrease from 2H06, the first period-to-period decline in total vulnerabilities since 2003. Another trend identified by the MSRC is that while the number of vulnerabilities continues to increase, the ratio of exploit code available for those vulnerabilities is on a slight decline.
We have been listening to feedback from customers, partners and analysts regarding what they liked in past releases of the SIR and what they thought could be improved. Based on that feedback we have made some big changes in this new volume of the SIR that I hope readers will like. Please keep the feedback coming! Some of the changes we made in the new SIR include:
· The report includes a new section on Software Vulnerability Exploits, which is authored by the MSRC.
· The report now has a new look and feel, which includes an executive summary as well as customer guidance (strategies, mitigations, and countermeasures) in each section of the report.
· A ten-page “Key Findings Summary” is also available, which provides an executive summary of the 92-page SIR. This summary is available in the following languages: Chinese (Simplified), Chinese (Traditional), English, French, German, Italian, Japanese, Korean, Portuguese (Brazil), Russian, Spanish.
From the data in the SIR we can see that the trends continue to indicate that attackers are financially motivated, adjusting their tactics and constantly modifying the threats they use, both malicious and potentially unwanted (you can read more about what distinguishes each of these in the report), to support this goal. Some examples of findings in the new SIR:
· Significant increases in categories, such as Trojan downloaders, potentially unwanted software (which includes rogue security software), and exploits, suggest that distribution of potentially unwanted software is less and less a matter of a normal affiliate model and more often malicious and/or criminal in method and intent.
· The MSRT removed significantly more malware in 1H07 than in previous periods. It removed malware from 1 out of every 217 computers in 1H07, compared to 1:409 in 2006 and 1:359 in 2H05.
· We found 65% less Potentially Unwanted Software and 60% less malware on computers running Windows Vista than on computers running Windows XP SP2.
You can read more in the SIR: www.microsoft.com/sir