Firms Get Worms, Warns Microsoft

Businesses are facing increasingly sophisticated threats, according to Volume 8 of the Microsoft Security Intelligence Report, which shows that Windows XP is bearing the brunt of new attacks.

The report gathers data from around 500 million computers worldwide, in addition to a variety of online services such as Bing, in an effort to paint a comprehensive portrait of the world’s IT security scene for the second half of 2009.

Stop Picking On XP

Older operating systems received the brunt of attacks, according to Microsoft, with Windows XP reporting generally higher infection rates than either Windows 7 or Windows Vista. Of all the Microsoft-built operating systems, the 64-bit versions of Windows 7 RTM and Windows Vista SP2 reported the lowest numbers of computers cleaned for every 1,000 Malicious Software Removal Tool (MSRT) executions, averaging 1.4 PCs for each, while Windows XP SP1 experienced the most, with 21.7 PCs cleaned per 1,000 executions.

As a generalised trend, succeeding service packs for operating systems resulted in progressively lower rates of infection. According to the report, “Microsoft security products cleaned rogue security software-related malware on 7.8 million computers in [the second half of] 2009, up from 5.3 million computers in [the first half of 2009] – an increase of 46.5 percent.”

Infection data differed somewhat between enterprise and consumer PCs, however, reflecting the differing needs and technologies of those respective segments.

“Domains are used almost exclusively in enterprise environments, and computers that do not belong to a domain are more likely to be used at home or in other non-enterprise contexts,” the report reads. “Comparing the threats that are encountered by domain computers and non-domain computers can provide insights into the different ways attackers target enterprise and home users and which threats are more likely to succeed in each environment.”

Can Of Worms

In that spirit, the report suggests that the largest threat facing domain computers is worms, which account for around 32 percent of the top 10 threats detected. By contrast, worms constituted only 15 percent of detected threats for non-domain computers.

Those results were reversed for “Misc. Trojans,” detected on 18 percent of surveyed domain computers but around 25 percent of non-domain ones. “Misc. Potentially Unwanted Software” was detected on 16 percent of domain computers, versus 13 percent for non-domain, while “Trojan Downloaders & Droppers” hit 13 percent of domain computers and 15 percent of non-domain. “Password Stealers & Monitoring Tools” were roughly even, with 7 percent of domain computers and 9 percent of non-domain computers reporting encounters.

“Adware” represented a much larger threat to non-domain computers, being detected 12 percent of the time, while domain computers only encountered this particular threat 3 percent of the time. For “Backdoors,” “Viruses,” “Exploits” and “Spyware,” rates of encounter for both domain and non-domain computers remained in the low single digits.

“Worms typically spread most effectively via unsecured file shares and removable storage volumes,” the report suggests, “both of which are often plentiful in enterprise environments and less common in homes.” Of those worms: “Win32/Conficker, which uses several methods of propagation that work more effectively within a typical enterprise network environment than over the public Internet, leads the list by a wide margin.”

Spam, Spam, Spam

The report also broke down other elements of the web’s seedy underbelly, including spam; the top five locations that sent the most spam emails in the second half of 2009 included the United States (27 percent), Korea (6.9 percent), China (6.1 percent), Brazil (5.8 percent) and Russia (2.9 percent).

On a more positive note, the report also noted that the amount of industry-wide vulnerability disclosures for software has been steadily declining since the first half of 2006, including high- and medium-severity alerts. Vulnerability disclosures overall were down 8.4 percent from the first half of 2009 alone.

“The continued predominance of High severity and Medium severity vulnerability disclosures is likely caused at least in part by the tendency of both attackers and legitimate security researchers to prioritize searching for the most severe vulnerabilities,” the report suggests. “Application vulnerabilities continued to account for most vulnerabilities in [the second half of] 2009, although the total number of application vulnerabilities was down significantly from 2H08 and 1H09.”

The full report, which details other vulnerabilities found worldwide, can be downloaded here.

Nicholas Kolakowski eWEEK USA 2013. Ziff Davis Enterprise Inc. All Rights Reserved.
