Microsoft Report Reveals Resurgence of Worms; Rogue Security Software Still Top Threat

Microsoft Report Reveals Resurgence of Worms; Rogue Security Software Still
Top Threat
The latest Security Intelligence Report also highlights success with customer
disinfection rates and software update diligence.

REDMOND, Wash., Nov. 2 /PRNewswire-FirstCall/ -- Microsoft Corp. today
released the seventh volume of the Microsoft Security Intelligence Report
(SIRv7), which indicates that worm infections in the enterprise rose by nearly
100 percent during the first half of 2009 over the preceding six months. Rogue
security software remains a major threat to customers; however, 20 percent
fewer customers were affected by rogue infections during the past six months.

(Logo:  http://www.newscom.com/cgi-bin/prnh/20000822/MSFTLOGO)

In addition, the Zlob family of trojans, considered a top threat two years
ago, has drastically declined due to Microsoft's work to aggressively clean
customer machines and customers' diligence in applying software updates.

SIRv7 provides a deep, accurate view of the threat landscape country by
country. For the first time, this report shares security best practices from
countries that have consistently exhibited low malware infection. These best
practices and security intelligence provide a valuable resource for business
leaders who need to make accurate decisions based on the threats that are most
pressing today.

"It's been said that knowledge is power -- and when it comes to security
intelligence, a lack of accurate information can be detrimental to separating
real threats from hype," said Vinny Gullotto, general manager of the Microsoft
Malware Protection Center. "Microsoft is committed to providing not only
security intelligence for our customers and the community, but also the most
accurate and comprehensive view of the realities of the threat landscape."

The security intelligence contained in SIRv7 is collected through a broad
community of customers around the globe who share Microsoft's goal of
obtaining the most accurate view of the threat landscape. Reporting mechanisms
for the Microsoft Security Intelligence Report are diverse and comprehensive,
including Microsoft's Malicious Software Removal Tool (MSRT), on 450 million
computers worldwide; Bing, which performed billions of Web page scans during
the past six months; Windows Live OneCare and Windows Defender, operating on
more than 100 million computers worldwide; Forefront Online Protection for
Exchange and Forefront Client Security, scanning billions of e-mail messages
yearly; and Windows Live Hotmail, operating in more than 30 countries with
hundreds of millions of active e-mail users.

Top Global Trends 
Ten years after Melissa appeared and defined mass-mailing worms as a class of
malicious threats, worm infections have resurged to become the second most
prevalent threat for enterprises in the first half of 2009. Worms rely heavily
on access to unsecured file shares and removable storage volumes, both of
which are plentiful in enterprise environments. According to SIRv7, the
following were the top two families detected:
    --  Conficker was the top worm threat detected for the enterprise, because
        its method of propagation works more effectively within a firewalled
        network environment. Conficker is not in the top 10 for consumers,
        because home computers are more likely to have automatic updating
        enabled. This further reiterates the need for enterprises to have a
        robust security update management program in place.

    --  Taterf, with detections up 156 percent since the second half of 2008,
        targets massively multiplayer online role-playing games (MMORPGs).
These
        attacks rely less on social engineering to spread, and more on access
to
        unsecured file shares and removable storage volumes -- both of which
are
        often plentiful in the enterprise. Taterf's impressive growth
        underscores the need for organizations to develop guidelines for
        removable drives (such as thumb drives) and evaluate how connections
are
        made to outside machines.



According to the report, rogue security software remained the single largest
threat category for the first half of 2009. In addition, while there has been
progress combating rogues, this threat remained a major pain point for
computer users during the same period. Also known as "scareware," rogue
security software takes advantage of customers' desire to keep their computer
protected. Microsoft products and services removed malware from more than 13
million computers worldwide, down from 16.8 million in the second half of
2008. Computer users are advised to use an anti-malware solution from a
company they trust and to keep its threat definitions up to date.

In contrast, the report highlights the significant decrease in Zlob
disinfections, from 21.1 million at its peak in 2007 to 2.3 million in the
first half of 2009 -- a remarkable tenfold decrease.

Global Best Practices 
Infection rates and threats vary geographically, and SIRv7 contains proven
best practices from countries with the lowest infections. For example,
infection rates in Japan, Austria and Germany remained relatively low during
this period. Following is insight into how professionals from these regions
keep their customers and resources safe from cyber threats:
    --  Japan has seen its infection rates remain relatively low. One of the
        reasons is due in large part to collaborations such as the Cyber Clean
        Center, a cooperative project between Internet service providers
(ISPs),
        major security vendors and Japanese government agencies to educate
        users.
    --  Austria has implemented strict IT enforcement guidelines to lower
piracy
        rates, and this -- along with strong ISP relationships and fast
Internet
        lines, which aid in security update deployment -- has helped ensure
its
        generally low infection rate.

    --  Germany has also leveraged collaboration efforts with its computer
        emergency response team (CERT) and ISP communities to help identify
and
        raise awareness of botnet infections and, in some cases, quarantine
        infected computers.



Central to the success in each of these regions is the growing trend of
community-based defense, in which the broader industry combines its collective
strengths and intelligence to help defend computer users. Customers worldwide
can use SIRv7's detailed level of geographical insight to help inform their
threat management and risk management operations on a local, regional and
global level.

The Security Intelligence Report in Practice
Microsoft recommends customers and organizations use the data and prescriptive
guidance outlined in the Microsoft Security Intelligence Report to assess and
improve their security practices. The following are some of the top proactive
steps Microsoft recommends for individuals and businesses:
    --  Understand the Microsoft security update process and terminology. The
        newly released Microsoft Security Update Guide, available from the
        Microsoft Download Center, will help customers understand the security
        update release process and all of Microsoft's supporting resources. It
        also explains the Microsoft security communication process and
provides
        guidance on how to successfully plan an update management program,
        including when and how to implement temporary work-arounds.
    --  Ensure that all third-party applications are being updated regularly
by
        the vendor. Check the vendor's Web site to determine whether any
updates
        have been released and whether they need to be applied to computers.
As
        Microsoft continues to improve the security of its operating systems
and
        applications, attackers have increasingly redirected their
exploitation
        effort toward third-party applications and customer-developed internal
        applications.
    --  Ensure that a customer's development team is using the Security
        Development Lifecycle (SDL), http://www.microsoft.com/sdl, or a
similar
        software security assurance process.

    --  Ensure that policies are in place to help secure all file shares and
        regulate the use of removable media. Install AutoPlay update to help
        regulate automatic initiation of potentially dangerous removable
media.



A full list of Microsoft's guidance, a downloadable version of SIRv7 and other
related resources are available at http://www.microsoft.com/sir.

Founded in 1975, Microsoft (Nasdaq: MSFT) is the worldwide leader in software,
services and solutions that help people and businesses realize their full
potential.




SOURCE  Microsoft Corp.

Rapid Response Team of Waggener Edstrom Worldwide, +1-503-443-7070,
rrt@waggeneredstrom.com, for Microsoft Corp.