While on the road in Asia, I had an opportunity to meet with security professionals from Malaysia, India and Singapore to discuss regional threat trends based on data from our latest Microsoft Security Intelligence Report.  These discussions and an analysis of the threat landscape for Asia are summarized below.


MALAYSIA

Malaysia’s threat landscape was very active in the third (3Q12) and fourth (4Q12) quarters of 2012.  The region’s malware infection rate was well above the worldwide average and Malaysia had the world’s highest concentration of phishing sites in 4Q12.  The level of malicious websites hosted in Malaysia was also 28 percent higher than the worldwide average.  Figures 1 and 2 below provide a glimpse into the threats that were most prevalent in the region.

Figure 1 (left): Malware and potentially unwanted software categories in Malaysia in 4Q12, by percentage of computers reporting detections (totals exceed 100 percent because some computers are affected by more than one kind of threat); Figure 2 (right): prevalent threat families in Malaysia between 1Q12 and 4Q12

   

As I have written in the past, numerous socio-economic factors correlate with regional malware infection rates.  Figure 3 illustrates some of the factors for Malaysia.

Figure 3: some of the socio-economic factors examined with values for Malaysia from 2011

 

For more information on the threat landscape in Malaysia, I encourage you to download the regional threat report.


INDIA

Overall, India had significantly more malware detections than most locations in Asia.  India’s malware infection rate was 67 percent higher than the worldwide average in the fourth quarter of 2012.   Systems hosting phishing sites and malware in India were also at elevated levels in the second half of 2012.  Phishing sites in India were 40-50% higher than the worldwide average and malware hosting sites were 15-23% higher than the worldwide average.  This data is interesting.  Given the relatively high malware infection rate in the region, it makes sense that attackers would seek to use compromised systems to host malicious websites.  But many places in India do not have consistently fast connectivity to the Internet, which presumably would make it a poor location to host malicious websites.  Figures 4 and 5 below provide a glimpse into the threats that were most prevalent in the region.

Figure 4 (left): Malware and potentially unwanted software categories in India in 4Q12, by percentage of computers reporting detections (totals exceed 100 percent because some computers are affected by more than one kind of threat); Figure 5 (right): the top 10 malware and potentially unwanted software families in India in 4Q12

   

The prevalence of worms in India was well above the worldwide average as seen in Figure 4; worms were found on 40 percent of all computers with detections in India during the fourth quarter of 2012, up 38 percent from the third quarter of 2012.

Viruses were also well above the worldwide average in the region.  Two viruses, Win32/Sality and Win32/Virut, are on the top ten list of threats in India, as seen in Figure 5.  Sality isn’t a new threat, but it has evolved over time.  It’s a family of polymorphic file infectors that target executable files with the extensions .scr or .exe, and may execute a damaging payload that deletes files with certain extensions and terminates security-related processes and services.  Sality affected 17 percent of computers with detections in India in the fourth quarter of 2012.  Win32/Virut is a family of file-infecting viruses that target and infect .exe and .scr files accessed on infected systems.  Win32/Virut also opens a backdoor by connecting to an IRC server.

Another interesting thing to note about the threats found in India is that several of the threats on the top ten list attempt to exploit the vulnerability addressed by MS10-046, released three years ago.  This vulnerability was one of the vulnerabilities that Stuxnet originally used.  It has now been incorporated into several prevalent malware families like Win32/Autorun, Win32/CplLnk, Win32/Ramnit, and Win32/Sality, all of which are on India’s top ten list of threats.  This makes it especially important that systems in India are kept up-to-date with security updates.

Figure 6 provides a snapshot of socio-economic factors in India correlated with regional malware infection rates.

Figure 6: some of the socio-economic factors examined with values for India from 2011

For more information on the threat landscape in India, I encourage you to download the regional threat report.


SINGAPORE

Singapore’s malware infection rate overall has been consistently lower than the worldwide average.  However, phishing sites and drive-by download sites in Singapore were higher than the worldwide average in 4Q12.  Figures 7 and 8 below provide a glimpse into the threats that were most active in the region.

Figure 7 (left): Malware and potentially unwanted software categories in Singapore in 4Q12, by percentage of computers reporting detections (totals exceed 100 percent because some computers are affected by more than one kind of threat); Figure 8 (right): prevalent threat families in Singapore between 1Q12 and 4Q12

   

As in Malaysia, Keygen was the top threat detected in Singapore.  I have written about this threat before and you can read the details here.  Also noteworthy, IframeRef was number 5 on the top 10 list of threats found in Singapore in 4Q12.  This same threat was the top threat found in enterprise environments worldwide in 4Q12, as I recently wrote.  JS/IframeRef is a malicious piece of JavaScript code that is presented on infected or malicious websites.  The purpose of the script is to redirect your browser to other sites that attempt to download malware onto your computer, often by exploiting unpatched software vulnerabilities.

Figure 9 provides a snapshot of socio-economic factors in Singapore correlated with regional malware infection rates.

Figure 9: some of the socio-economic factors examined with values for Singapore from 2011

For more information on the threat landscape in Singapore, I encourage you to download the regional threat report.

Tim Rains
Director
Trustworthy Computing