This morning, Adrienne Hall, General Manager for Trustworthy Computing, delivered a keynote speech at RSA Europe and announced the availability of the Microsoft Security Intelligence Report volume 13 (SIRv13). It’s hard to believe that it’s been over six years since we published the first volume of the report. The report has evolved a lot since then, but our goal has always remained the same: to provide our customers with the most comprehensive view into the threat landscape so they can make informed risk management decisions.

The latest report, SIRv13, is over 800 pages of data and analysis with deep dives for 105 countries/regions around the world. It is designed to provide in-depth perspectives on software vulnerabilities and exploits, malicious code threats, and potentially unwanted software, based on data from over 600 million systems, 280 million Hotmail accounts and billions of web pages scanned by Bing.

One of the most interesting trends to surface in the latest report was the surge in software activation key generators being used as a mechanism to distribute malware. In the first six months of 2012, the threat family Win32/Keygen, representing software activation key generators, was detected nearly five million times. Keygen detections have increased by a factor of 26 since the first half of 2010, and today Keygen is the number one consumer threat family worldwide, rising above other prevalent threat families like Pornpop, Blacole, Conficker and FakePAV. The prevalence of Keygen varies from location to location; however, it is listed as a top 10 threat for 103 of the 105 countries/regions studied in SIRv13. That means Keygen is in the top 10 list of threats for 98% of the locations we provide analysis for in SIRv13.

Figure 1:  Relative detections of threat families in the 10 countries/regions with the most detections in 2Q12

To provide a little background, Win32/Keygen is a family of tools that generates keys for various software products. By nature, Keygen is not malicious. However, because it is commonly bundled with, or leads to, malware, it is classified by the Microsoft Malware Protection Center as “Potentially Unwanted Software.” According to the report, more than 76% of computers reporting Keygen detections in the first half of 2012 (that’s approximately 3.8 million of the 5 million aforementioned Keygen detections) also reported detections of other malware families. This is a good indication that Keygen is often bundled with, or leads to, malware infections. The report includes a feature story that goes into greater detail on deceptive downloads like Keygen and provides mitigation guidance on how to help protect against this type of social engineering threat.

Of course, this is just one of the many interesting trends you’ll see in the latest report. I encourage you to visit the Microsoft Security Intelligence Report website and download the report today to learn about the latest threat trends and the actions you can take now to help mitigate risk within your environment. You can also read the key findings summary or watch a short video for a summary of the data contained in the report.

Tim Rains
Director
Trustworthy Computing