Categories: PCSecurityWorkspace

Firms Get Worms, Warns Microsoft

Businesses are facing increasingly sophisticated threats, after Microsoft issued Volume 8 of its Microsoft Security Intelligence Report which showed that Windows XP is bearing the brunt of new attacks.

The report gathers data from around 500 million computers worldwide, in addition to a variety of online services such as Bing, in an effort to paint a comprehensive portrait of the world’s IT security scene for the second half of 2009.

Stop Picking On XP

Older operating systems received the brunt of attacks, according to Microsoft, with Windows XP reporting generally higher infection rates than either Windows 7 or Windows Vista. Of all the Microsoft-built operating systems, the 64-bit versions of Windows 7 RTM and Windows Vista SP2 reported the lowest numbers of computers cleaned for every 1,000 Malicious Software Removal Tool (MSRT) executions, averaging 1.4 PCs for each, while Windows XP SP 1 experienced the most, with 21.7 PCs cleaned per 1,000 executions.

As a generalised trend, succeeding service packs for operating systems resulted in progressively lower rates of infection. According to the report, “Microsoft security products cleaned rogue security software-related malware on 7.8 million computers in [the second half of] 2009, up from 5.3 million computers in [the first half of 2009] – an increase of 46.5 percent.”

Infection data differed somewhat between enterprise and consumer PCs, however, reflecting the differing needs and technologies of those respective segments.

“Domains are used almost exclusively in enterprise environments, and computers that do not belong to a domain are more likely to be used at home or in other non-enterprise contexts,” the report reads. “Comparing the threats that are encountered by domain computers and non-domain computers can provide insights into the different ways attackers target enterprise and home users and which threats are more likely to succeed in each environment.”

Can Of Worms

In that spirit, the report suggests that the largest threat facing domain computers is worms, which account for around 32 percent of the top 10 threats detected. By contrast, worms constituted only 15 percent of detected threats for non-domain computers.

Those results were revered for “Misc. Trojans,” detected on 18 percent of surveyed domain computers but around 25 percent of non-domain ones. “Misc. Potentially Unwanted Software” was detected on 16 percent of domain computers, versus 13 percent for non-domain, while “Trojan Downloaders & Droppers” hit 13 percent of domain computers and 15 percent of non-domain. “Password Stealers & Monitoring Tools” were a relative matchup, with 7 percent of domain computers and 9 percent of non-domain computers reporting encounters.

“Adware” represented a much larger threat to non-domain computers, being detected 12 percent of the time, while domain computers only encountered this particular threat 3 percent of the time. For “Backdoors,” “Viruses,” “Exploits” and “Spyware,” rates of encounter for both domain and non-domain computers remained in the low single digits.

“Worms typically spread most effectively via unsecured file shares and removable storage volumes,” the report suggests, “both of which are often plentiful in enterprise environments and less common in homes.” Of those worms: “Win32/Conficker, which uses several methods of propagation that work more effectively within a typical enterprise network environment than over the public Internet, leads the list by a wide margin.”

Spam, Spam, Spam

The report also broke down other elements of the web’s seedy underbelly, including spam; the top five locations that sent the most spam emails in the second half of 2009 included the United States (27 percent), Korea (6.9 percent), China (6.1 percent), Brazil (5.8 percent) and Russia (2.9 percent).

On a more positive note, the report also noted that the amount of industry-wide vulnerability disclosures for software has been steadily declining since the first half of 2006, including high- and medium-severity alerts. Vulnerability disclosures overall were down 8.4 percent from the first half of 2009 alone.

“The continued predominance of High severity and Medium severity vulnerability disclosures is likely caused at least in part to the tendency of both attackers and legitimate security researchers to prioritize searching for the most severe vulnerabilities,” the report suggests. “Application vulnerabilities continued to account for most vulnerabilities in [the second half of] 2009, although the total number of application vulnerabilities was down significantly from 2H08 and 1H09.”

The full report, which details other vulnerabilities found worldwide, can be downloaded here.

Nicholas Kolakowski eWEEK USA 2013. Ziff Davis Enterprise Inc. All Rights Reserved.

Recent Posts

Is the Digital Transformation of Businesses Complete?

Digital transformation is an ongoing journey, requiring continuous adaptation, strong leadership, and skilled talent to…

16 hours ago

Craig Wright Faces Contempt Claim Over Bitcoin Lawsuit

Australian computer scientist faces contempt-of-court claim after suing Jack Dorsey's Block and Bitcoin Core developers…

17 hours ago

OpenAI Adds ChatGPT Search Features

OpenAI's ChatGPT gets search features, putting it in direct competition with Microsoft and Google, amidst…

17 hours ago

Google Maps Steers Into Local Information With AI Chat

New Google Maps allows users to ask for detailed information on local spots, adds AI-summarised…

18 hours ago

Huawei Sees Sales Surge, But Profits Fall

US-sanctioned Huawei sees sales surge in first three quarters of 2024 on domestic smartphone popularity,…

18 hours ago

Apple Posts China Sales Decline, Ramping Pressure On AI Strategy

Apple posts slight decline in China sales for fourth quarter, as Tim Cook negotiates to…

19 hours ago