Posted by: kenwbudd | April 9, 2009

Microsoft Security Intelligence Report – Extracts

Here’s a look at the five most important aspects from the full Microsoft Security Intelligence Report.

1. Vulnerabilities (the response and reaction to them) vary, depending on whether the target is at work or home.

Based on data provided by its enterprise product, Forefront Client Security, and its consumer product, Windows Live OneCare, Microsoft found that the threats seen in the two environments differ markedly. Why? A corporate user typically works behind email and Internet restrictions that reduce the attack surface. A home user runs more software that can be infected, but has less critical data at risk.

Simply put, a home user is more likely to be hit with a trojan that steals bank and credit card details and the like. In the enterprise, the weapon of choice is the worm, which is primarily destructive and disruptive.

The greatest difference between enterprise and home vulnerabilities is social engineering. Microsoft explains:

  • The Windows Live OneCare list also includes several families associated with rogue security software, such as Win32/Renos, Win32/FakeXPA, and Win32/Antivirus2008.
  • The social engineering messages used in connection with rogue security software may be less effective in an enterprise environment, where malware protection is typically the responsibility of the IT department…
  • By contrast, the Forefront Client Security list is dominated by worms, like Win32/Autorun, Win32/Hamweq, and Win32/Taterf.
  • Worms rely less on social engineering to spread than categories like trojans and downloaders do, and more on access to unsecured file shares and removable storage volumes, both of which are often plentiful in enterprise environments.

2. Users don’t always remove unwanted software: There’s great appeal to the procrastinator in the “ignore” button.

Microsoft explains one nuance of the malware issue:

  • Software cannot always be classified in binary terms as “good” or “bad.”
  • Some software inhabits a gray area wherein the combination of behaviors and value propositions presented by the software is neither universally desired nor universally reviled.
  • This gray area includes a number of programs that do things like display advertisements to the user that may appear outside the context of the Web browser or other application and which may be difficult or impossible to control.

When Microsoft’s scans raise an alert, the user can ignore it, allow the software to remain, ask to be prompted again, quarantine the software, or remove it.

If software is really malicious it is removed without user input. The gray areas appear when users have a choice.

Microsoft adds:

  • These decisions are influenced by a number of factors, such as the user’s level of expertise, how certain they feel about their judgment regarding the software in question, the context in which the software was obtained, societal considerations, and the benefit (if any) being delivered by the software or by other software that is bundled with it.
  • Users make choices about what to do about a piece of potentially unwanted software for different reasons, so it’s important not to draw unwarranted conclusions about their intent.

Moderate or Low threats are often ignored by users, who believe the software has some value to them. Whether such threats stay on the machine therefore comes down to user behaviour.

3. Rogue security software (Scareware) gains momentum.

The concept of rogue security software is pure genius. Malicious hackers prey on the fears of users, cook up bogus security software and extract payment to “fix” the victim’s PC. Microsoft notes that rogue security software is becoming a hot category.

Microsoft reports:

  • Rogue security software authors have long attempted to exploit this trust by giving their programs generic, anodyne names, like “Antivirus 2009,” and making them resemble genuine security software in many ways.
  • Recently, many threats have taken this approach a step further, posing as components of the operating system itself or as a familiar search engine.
  • One of the first families observed to exhibit this behavior was Win32/FakeSecSen, which was added to the MSRT in November 2008 and was the eighth most prevalent family in 2H08 overall.
  • Win32/FakeSecSen adds an icon to the Control Panel named Vista AV or MS AV and fraudulently uses the same four-colour shield icon as the Windows Security Center. Double-clicking the icon launches the rogue software, which claims to detect a large number of nonexistent threats and urges the user to “activate” the software by paying for it.

Win32/Renos is a longtime threat that delivers rogue security software. It was the most prevalent threat in the second half of 2008. Two new trojans, Win32/FakeXPA and Win32/FakeSecSen, were the seventh and eighth most prevalent families.

4. Social networking phishing attacks represented less than 1 percent of attacks, but yielded a big chunk of phishing impressions.

Translation: Social networking sites will remain a big phishing target.

Microsoft explains:

  • A typical social network phish is likely to trick an order of magnitude more users than a typical financial phish. There are a number of explanations for this discrepancy.
  • While financial institutions targeted by phishers can number in the hundreds, just a handful of popular sites account for the bulk of the social network usage on the Internet, so phishers can effectively target many more people per site.
  • In addition, phishers often use the messaging features of the sites themselves to distribute their attacks, typically by gaining control of a user’s account and using it to send phishing messages to the victim’s friends.
  • These attacks can be much more effective than e-mail–based attacks, because they exploit the considerable level of trust users place in their friends.


5. Malware is dominant in the U.S. and accounted for 67 percent of all infected computers.

Trojans (the miscellaneous variety) were detected on 29.4 percent of infected computers. Among other items:

  • Five of the top 20 families detected in the United States in Q3 and Q4 of 2008 (Win32/Renos, Win32/FakeXPA, Win32/FakeSecSen, Win32/Antivirus2008, and Win32/Winfixer) download rogue security software or display misleading warning messages to convince users to purchase a program that supposedly removes spyware.

Here are the top five individual threats:

Trojan downloaders and droppers were detected on 24.4 percent of all infected computers.

I trust this was of interest to you and that you will see the sense of protecting your computer(s) with known and trusted antivirus software as well as setting up a good firewall and intrusion detection. The rise and rise of malware across the globe means that you will also need to protect your system(s) from this menace.

Do your research, read the reviews and never be the first to try any new protection software.

