It’s time for our semi-annual inspection of the threat landscape in the European Union (EU). This analysis leverages data from the recently released Microsoft Security Intelligence Report volume 14 (SIRv14) and previous volumes. The focus of this analysis is the second half of 2012. If you are interested in prior analysis we have done on the EU please see the following articles:
Although the malware infection rate in Romania trended down in the second half of 2012, Romania continues to have the highest malware infection rate of any country in the EU. In the fourth quarter of 2012 (4Q12) Romania’s malware infection rate was 12.4 systems infected with malware for every 1,000 that the MSRT scanned there, as seen in Figure 1. This is over double the worldwide average of 6.0 for the same time period. The most common category in Romania in 4Q12 was Miscellaneous Potentially Unwanted Software, which affected 43.3 percent of all computers with detections there, up from 37.4 percent in 3Q12.
Today the Microsoft Digital Crimes Unit announced a new cloud-based version of its Cyber Threat Intelligence Program (C-TIP) that gives Internet Service Providers (ISPs) and Computer Emergency Response Teams (CERTs) around the world access to near real-time threat intelligence. This new cloud service provides these organizations access to timely information about known malware infections in their systems and regions, enabling them to more quickly and efficiently notify victims of potential security issues with their computer.
Every day our systems receive hundreds of millions of attempted check-ins from computers infected with malware such as Conficker, Waledac, Rustock, Kelihos, Zeus, Nitol and Bamital. In the past, we provided this intelligence to 44 ISP and CERT organizations in 38 countries using email and other forms of information sharing, but it made sense to evolve this into a near real-time cloud-based service. On Friday, the Spanish CERT joined other CERTs such as Luxembourg’s CIRCL and govCERT as early adopters of the new C-TIP cloud service.
Are you working on cutting-edge research on the future of cybersecurity policy? If so, you have less than 3 weeks left to enter our Cybersecurity 2020 essay contest for a chance to win the $5,000 cash prize!
Last month my blog post discussed Microsoft’s perspective on building a Cybersecurity Framework for critical infrastructure, which is part of President Obama’s Executive Order on cybersecurity. As a next step in the process of implementing the Executive Order, the Commerce Department recently requested comments regarding incentives to encourage critical infrastructure entities and others to adopt improved cybersecurity practices. These incentives would be aimed at encouraging participation in a new voluntary program (referred to as the Voluntary Program below) to support the adoption by owners and operators of critical infrastructure and other interested entities of the Cybersecurity Framework being developed by the National Institute of Standards and Technology (NIST).
Last week, Microsoft submitted comments to the Commerce Department about these incentives. Before discussing Microsoft’s comments, it is important to acknowledge that the Commerce Department has led an ongoing public discussion about how to incent broader adoption of cybersecurity practices, reaching back to Commerce’s Green Paper on Cybersecurity, Innovation, and the Internet Economy and our comments both prior and subsequent to the Green Paper. We appreciate the Commerce Department’s consistent focus on the important challenge of creating incentives to increase cybersecurity.
In the six or seven years that we have been publishing the Microsoft Security Intelligence Report (SIR) I have seen many trends emerge over time. The threat landscape is constantly changing as attackers try to find methods that will help them compromise the systems they target. For several years viruses (file infectors) seemed to be out of favor with attackers as they used other categories of threats to attack systems.
Viruses simply didn’t support the profit motive many attackers had in the same way that Trojan Downloaders and Droppers, Miscellaneous Trojans, and Password Stealers and Monitoring Tools all did. Viruses are threats designed in an era before ubiquitous Internet connectivity made it easier for Worms to successfully self-propagate. Worms like SQL Slammer and Blaster spread around the world in minutes. This would likely take an old-fashioned file infector much, much longer to accomplish, limiting its ability to infect large numbers of systems quickly. Additionally, Viruses tend to be relatively “noisy” threats as they typically try to infect large numbers of files (.exe, .dll, .scr) on the systems they compromise. This characteristic can make them easier to detect than other more blended threats.
Subsequently, I have rarely seen the Virus threat category found on more than 5 percent of systems with detections globally. There have been regional exceptions like Korea, Russia, and Brazil, where I have seen relative Virus levels reach between 10 and 15 percent. But more recently I have noticed that Viruses seem to be making a comeback. As seen in Figure 1, the relative prevalence of Viruses has been trending up. The prevalence worldwide for the Virus threat category was 7.8 percent in the fourth quarter of 2012 (4Q12).
This morning at the Security Development Conference in San Francisco, I am joined by hundreds of organizations that have traveled from all over the world to learn more about proven practices in security development that can help reduce an organization’s risk to threats on the Internet. As we anxiously await the two keynotes by Scott Charney and Howard Schmidt to kick off the day, I am reminded of the early days of computing when security development was an afterthought for many organizations.
The threat landscape has evolved quite a bit over the past decade and the importance of software security is more evident than ever. To see so many security professionals in attendance at this year’s conference makes me cautiously optimistic that more and more organizations are starting to take application security seriously.
Despite the growing awareness of the need for application security, adoption numbers remain low. A recent Microsoft survey found that only 37% of IT Professionals worldwide cited their organizations as building their products and services with security in mind. In that same study, 61% of developers were not taking advantage of mitigation technologies that already exist such as ASLR, SEHOP and DEP. The three biggest roadblocks cited by IT professionals and developers were management approval, lack of support and training, and cost.
I was in Tokyo a couple of weeks back, talking to people about the latest Microsoft Security Intelligence Report. According to the report, Japan continues to have one of the lowest malware infection rates in the world, as seen in Figure 1. The Microsoft Malicious Software Removal Tool (MSRT) found just 0.7 systems infected with malware for every 1,000 systems scanned in the fourth quarter of 2012. The worldwide average was 6.0 during the same period.
In less than two weeks, the world’s best and brightest security professionals will converge on the InterContinental Hotel San Francisco, CA for the Security Development Conference! Don’t miss this opportunity to hear from industry experts who will discuss current security topics and issues.
REGISTER NOW using this discount code: IND@SDC#12 and save $300 off current registration prices. For more information, visit the website at www.securitydevelopmentconference.com or contact email@example.com