Today on the Microsoft Blog, Vinny Gullotto, general manager of the MS Malware Protection Center, announced the release of the Microsoft Security Intelligence Report (SIR) version 8. The SIR is a wide-ranging study of the evolving threat landscape and addresses such topics as software vulnerability disclosures and exploits, malicious software (malware), and potentially unwanted software. Microsoft creates the SIR to provide information that helps customers and partners better understand the problem of malicious software, so they can take appropriate action.
Volume 8 of the Security Intelligence Report (SIR v8) covers July 2009 through December 2009. It includes data derived from more than 500 million computers worldwide, each running Windows. It draws from a variety of sources, such as Forefront and some of the business Internet services, like Windows Live Hotmail and Bing.
The full report and a great interactive summary are available here, and here’s a video of Vinny and Frank Simorjay discussing the report.
A key finding of the latest SIR is that cybercrime continues to mature as criminals model their operations on conventional business processes. Enterprise networks continue to be susceptible to worms, while home users are more exposed to malware and socially engineered threats.
And criminals continue to package online threats into “kits” to maximize potential impact. The Eleonore browser exploit kit, for example, employs different exploits for browsers from several different vendors as well as popular application software frequently found on systems.
SIR v8 further confirms that attackers are now largely motivated by financial gain and rarely act alone. For example, malware creators seldom conduct attacks themselves but instead work with other criminals in online black markets to buy and sell malware kits and botnet access. Bot herders are also at the core of professional online threats, knitting together compromised machines into a dark version of a cloud computing network.
From Vinny’s blog post:
The telemetry data in SIR has shown consistently that the lowest infection rates are seen on computers running Windows Vista SP2 and Windows 7. Infection rates for both operating systems are less than half the infection rate for computers running Windows XP. Also, analyzing the attacks in affected Office program installations, we found that most attacks affected Office 2003 users who had not applied a single service pack or other security update since the original release of Office 2003 in October 2003.
So what can enterprises and individuals do to defend against the latest malware? Keeping current is essential. Use products developed with security in mind, install good anti-malware solutions, and make certain you are applying the latest software updates.
Finally, in this latest volume we introduced a section based on customer request called “Mitigation Strategies for Protecting Networks, Systems, and People.” This guidance section was developed by Bret Arsenault, Microsoft Chief Information Security Officer, and it provides insight on how Microsoft implements our own defense-in-depth approach to security. We hope you find it valuable and applicable to your systems.