Systems that host and distribute malware are located all over the world. These systems have typically been compromised and are being used for illicit purposes unbeknownst to the administrators of the systems. These compromised machines can be personal computers located in homes and small businesses, as well as servers in data centers.
Some background information
To get a sense of how attackers use malware hosting servers, just look at drive-by download attacks as one example. A drive-by download site is a website that hosts one or more exploits that target specific vulnerabilities in web browsers and browser add-ons. Malware distributors use various techniques to attempt to direct internet users to websites that have been compromised or are intentionally hosting hostile code. Users with vulnerable computers can be secretly infected with malware simply by visiting such a website, even without attempting to download anything themselves. I have written about drive-by download attacks before: What You Should Know About Drive-By Download Attacks part 1, part 2.
The RSA Conference in San Francisco is over for another year. I want to thank all those conference attendees that attended one of the many activities Microsoft had going on during the week or took time to visit our booth.
Special thanks to those conference attendees that attended the breakout session that Jeff Jones and I hosted on the Microsoft Security Intelligence Report. The session was well attended and we had some great questions during and after the session. It was a lot of fun for both Jeff and me!
This article in our compliance series looks at the importance of secure software development to the financial services industry. Software - whether running on PCs, laptops, or in new cloud-based services - plays a critical role for financial services institutions in helping to protect their business and customers. It can help protect against malicious attacks, theft of customer data and even corporate assets. However, designing large, complex programs and services that manage this data in a secure manner can be difficult without a good secure development process in place. This is one of the reasons the BITS Software Assurance Framework was created by the Financial Services Roundtable.
The exploitation of vulnerabilities specific to country-code top-level domain (ccTLD) registries has become an increasingly common problem, especially in relatively small markets around the world. A ccTLD is an internet domain registry generally used or reserved for a country, a sovereign state, or a dependent territory, such as .co.uk (for United Kingdom) or .fr (for France). This allows web sites to be associated with their specific country, territory or geographic location and it provides the foundation for internet experiences by ensuring people using the internet reach the services they expect. Today, over 300 country-code top-level domain name registries are responsible for servicing hundreds of millions of domain names worldwide.
This is the final part of a three part series exploring the question of whether regions that experience political instability also experience increased malware infection rates and face more severe threats compared to more stable locations. I examined Egypt in part 1 of this series, and Syria in part 2. In this article I look at the threat landscape in Iraq using data from a new Special Edition Microsoft Security Intelligence Report: Linking Cybersecurity Policy and Performance and past volumes of the Microsoft Security Intelligence Report.
This year’s RSA Conference is next week at the Moscone Center in San Francisco. If you are planning to attend, there are a few activities that I want to call to your attention.
Microsoft’s Keynote
On Tuesday, February 26 at 8:50am PST, Scott Charney, Corporate Vice President, Trustworthy Computing, will deliver a keynote titled “Making a Case for Security Optimism.” In the keynote, Scott will share his viewpoint on key security industry accomplishments that will have long-term impact and together form a basis for optimism.
This is part two of a three part series exploring the question of whether regions that experience political instability also experience increased malware infection rates and face more severe threats compared to more stable locations. I examined Egypt in part 1 of this series. In this article, using data from a new Special Edition Microsoft Security Intelligence Report: Linking Cybersecurity Policy and Performance and volume 13 of the Microsoft Security Intelligence Report, I will take a look at another region that has experienced political instability: Syria.
One question I have been asked on occasion is whether regions that experience political instability also experience increased malware infection rates and face more severe cyber-threats compared to more stable locations. Recently, we published a new Special Edition Microsoft Security Intelligence Report: Linking Cybersecurity Policy and Performance. This new report examines the correlation between thirty-four different socio-economic factors and regional malware infection rates across 105 countries. I used this new report to try to get some insight into whether political instability is linked to higher malware infection rates. To do this I took a closer look at a couple of the socio-economic factors from the report, demographic instability and regime stability.
This week we published a special edition to the Microsoft Security Intelligence Report titled “Linking Cybersecurity Outcomes and Policies.” The report contains a new methodology for identifying the linkages between socio-economic factors, public policies, and cybersecurity outcomes. We are making this report available to help encourage further discussion and research on the relationship between policy decisions and technical outcomes. This post is intended to help provide insight into the methodology that was used in the analysis.
Today, Microsoft’s Digital Crimes Unit, in collaboration with Symantec, has successfully taken down a dangerous botnet called "Bamital" that was being used to hijack people’s search results and take them to potentially dangerous websites that could install malware onto their computer, steal their personal information, or fraudulently charge businesses for online advertisement clicks. This botnet was exploiting the major online search and advertising platforms including Bing, Google and Yahoo. Over the last two years alone, Microsoft estimates this botnet to be responsible for compromising more than eight million computers and stealing tens of millions of dollars from unsuspecting victims all around the world.