Customers often look for information about malware that may affect them. For the last couple of years, we have shown that malware doesn’t spread evenly across the globe, despite the global nature of the Internet. Threats that rely on social engineering are not equally effective in different parts of the world due to language barriers or cultural factors. Also, malware sometimes spreads using exploits in applications, which are also unevenly distributed around the world. The Microsoft Security Intelligence Report (SIR) volume 6, which was released last Wednesday, provides lots of information about these aspects. The following chart from the SIR compares the prevalence of different categories of malware and Potentially Unwanted Software in some of the world’s biggest economies. The SIR provides examples for many of these differences. For example, it discusses the password stealers that spread using emails in Portuguese and target online users mostly in Brazil, where Portuguese is spoken.

Screenshot of figure 43, which shows the threat landscape worldwide and in eight of the biggest economies

The SIR also measures the infection rate around the world using the telemetry data we get from our different antimalware products, and in particular from the MSRT. Here’s the global heatmap that we created using telemetry from this tool:

The SIR even provides the infection rate for 215 different countries and regions during the second half of 2008 (see page 134). Some of the countries/regions with the highest infection rates are Serbia and Montenegro, Russia, Brazil, Turkey and Spain, while some of the countries/regions with the lowest infection rates are Vietnam, Philippines, Macao S.A.R., Japan and Morocco:

Screenshot of figures 46 and 47, with the lists of the most infected and least infected countries

In addition to that, the SIR includes specific analysis of the threat landscape during the second half of 2008 in the following countries: Australia, Brazil, Canada, France, Germany, Italy, Malaysia, Mexico, Norway, Russia, UK and the US. For example, in the US, several of the most prevalent families, Win32/Renos, Win32/FakeXPA, Win32/FakeSecSen, Win32/Antivirus2008 and Win32/Winfixer, are either rogue security software or malware that downloads such software. This type of threat greatly increased during that period.

Screen shot of figure 122 that shows the breakdown of threats categories in the US

The document also examines the system locale of computers where various exploits happened, and the locations of servers that host malware, phishing or drive-by exploits. We even provided the distribution within the US for some of these cases:

So there’s great information there that you might find useful. Here’s the link: www.microsoft.com/SIR.

Ziv Mador
Microsoft Malware Protection Center