According to the recently released Microsoft Security Intelligence Report volume 14, Hong Kong continues to enjoy one of the lowest malware infection rates in the world.  Figure 1 illustrates how Hong Kong’s infection rate has trended from the third quarter of 2011 (3Q11) to the fourth quarter of 2012 (4Q12).  The Microsoft Malicious Software Removal Tool (MSRT) found 2.2 systems infected with malware for every 1,000 systems scanned in the fourth quarter of 2012 while the worldwide average was 6.0 during the same period.

Figure 1 (left): CCM infection trends in Hong Kong S.A.R. and worldwide; Figure 2 (right): Malware and potentially unwanted software categories in Hong Kong S.A.R. in 4Q12, by percentage of computers reporting detections

   

Miscellaneous Potentially Unwanted Software was well above the worldwide average in Hong Kong as seen in Figure 2; four of the top ten threats in Hong Kong were classified as part of this category.  As seen in Figure 3, the top threat found on the list is Win32/Keygen, which affected 19.5 percent of computers with detections in Hong Kong. Win32/Keygen is a generic detection for tools that generate product keys for various software products.  I have written about this threat before.

Figure 3 (left): The top 10 malware and potentially unwanted software families in Hong Kong S.A.R. in 4Q12; Figure 4 (right): Malicious website statistics for Hong Kong S.A.R.

   

Although Hong Kong has a relatively low malware infection rate, it had higher than average levels of both phishing sites and malware sites hosted there in 4Q12.  Financial institutions are primary targets of phishing attacks.  Since Hong Kong is a major financial center, this might help explain the higher than average levels of phishing sites hosted there.

Customers and governments that I talk to all over the world are interested in ways they can achieve great cybersecurity outcomes, like lower malware infection rates.  So while we were in Hong Kong I had the opportunity to ask a few security professionals how Hong Kong maintains such low malware infection rates.  I talked to Roy Ko from Hong Kong’s Computer Emergency Response Team Coordination Center (HKCERT) to get the scoop on Hong Kong’s secret to low malware infection rates.  I also talked with Microsoft Hong Kong’s National Technology Officer, Alan Chan.  I had the rare treat of discussing regional threats with Anthony Fung who is Microsoft’s Senior Manager of Investigations in Hong Kong; Anthony told me about some of the security related research conducted in the region.

Tim Rains
Director
Trustworthy Computing