Microsoft has presented a mixed bag of security findings according to its latest Security Intelligence Report 17 April.
It found for example that Conficker, a worm that started spreading among enterprise desktop systems in 2008, continues to wriggle through corporate networks. But the total number of infected systems shrank during 2012,.
In the last half of 2012, the average number of infections by the two major wormlike programs, Conficker and Autorun, declined by more than a third compared with the total in 2011, the company said. Worms are programs that spread from computer to computer by exploiting vulnerabilities to automatically compromise networks. Conficker typically spreads by guessing users’ password, and Autorun jumps between bootable drives.
“In the last quarter of 2012, a person in the enterprise was more likely to encounter attacks through the Web than any of the network worms,” Holly Stewart, senior program manager with the Microsoft Malware Protection Center, told eWEEK.
A distinct difference exists between enterprise users and consumers in Microsoft’s data, because the company can tell if the infected computer belongs to an Active Directory Domain Services domain, typically only used in business networks. Consumers were more likely to encounter adware and other potentially unwanted software than viruses and worms, Microsoft’s report found.
The Security Intelligence Report also measured the effect of host-based security software on the rate of infection, finding that computers that had no anti-malware protection were 5.5 times more likely on average to be infected with malicious code.
Attackers appear to be focusing on Windows 7 systems, as unprotected computers running the original Windows 7 operating system – not the more recent Service Pack 1 version – had the highest infection rate, which is 2 percent. In contrast, an average of 4.2 Windows XP systems per 1,000 protected systems showed signs of infection, almost four times higher than Windows 7 Service Pack 1 systems protected by anti-malware.
Microsoft recommended that companies use anti-malware software and other security systems, regularly patch software, and ask vendors about their security development life cycle, which is a method of developing software that takes security into account. In addition, businesses should consider restricting Web sites on their networks to those known to be good and regularly check their own site for security vulnerabilities.
“The security issues posed by the Web are an interesting mix of social engineering and being able to affect servers that are not necessarily under corporate control,” Stewart said. “You can lock down end users’ systems, but you may not be able to control were they go.”
Reports of vulnerabilities declined by 8 percent in the second half of 2012, mainly due to a drop in application vulnerabilities. Vulnerabilities reported in Microsoft products shrank by more than a quarter in the second half of 2012, their lowest level since 2005.
The Blackhole exploit kit, which Microsoft refers to as Blacole, accounted for a large proportion of the exploited vulnerabilities in the latter half of 2012, the Microsoft report stated. Six of the top 10 exploits detected in 2012 were components of this cyber-crime kit, Microsoft stated.
Are you a security expert? Try our quiz!
Originally published on eWeek.
Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…
Explore the future of work with the Silicon In Focus Podcast. Discover how AI is…