​People act differently at home and at work, so it’s no surprise that malware also acts differently at home and in enterprise.  As seen in the latest edition of the Microsoft Security Intelligence Report, there are plain differences between the two, with some new changes as well.

The Conficker worm and other worms are still relatively dangerous to enterprise computers, but IFrameRef has now replaced these worms as the number one threat at work.  IFrameRef is a detection for a small piece of HTML code that redirects browser traffic, typically to a chain of redirects that results in a malware attack.
 
Figure 42: Quarterly trends for the top 10 families detected on domain-joined computers in H2 2012, by percentage of domain-joined computers reporting detections

Quarterly trends for the top 10 families detected on domain-joined computers in H2 2012, by percentage of domain-joined computers reporting detections


Home users are encountering ever larger numbers of Keygens, which are much rarer in the enterprise.  Enterprises are typically subject to software licensing audits, which discourage use of improperly licensed software.
 
While Adware is rare in the enterprise, many home users are reporting it.  Exploits are a shared danger, which makes keeping real-time security software up-to-date incredibly important, as shown in the feature story on the consequences of running unprotected.
 
Figure 43: Quarterly trends for the top 10 families detected on non-domain joined computers in H2 2012, by percentage of domain-joined computers reporting detections.

Quarterly trends for the top 10 families detected on non-domain joined computers in H2 2012, by percentage of domain-joined computers reporting detections

See the Microsoft Security Intelligence Report for additional details on enterprise and home threats, and much, much more.
 
Joe Faulhaber
MMPC