Tim Rains Group Product Manager Microsoft Session Code: SIA206.
Microsoft Security Intelligence Report
Tim Rains
Group Product Manager
Microsoft
Session Code: SIA206

Security Intelligence Report volume 6 (July-December 2008)

Report addresses data and trends observed over the past several years, but focuses on the second half of 2008 (2H08)

Major sections cover:
- The Threat Ecosystem
- Software Vulnerability Disclosures
- Software Vulnerability Exploits
- Browser-Based and Document Format Exploits
- Security and Privacy Breaches
- Malicious Software and Potentially Unwanted Software
- Email, Spam, Phishing and Drive-By Download Threats
- Special Focus on Rogue Security Software
- Country/region Specific Data for 12 Locations Worldwide

Report builds on five previous editions of the SIR

Security Intelligence Report volume 6 (July-December 2008)
Data Sources

Software Vulnerability Disclosures
- Common Vulnerabilities and Exposures Website
  - http://cve.mitre.org
  - http://www.first.org/cvss
- National Vulnerability Database (NVD) Web site: http://nvd.nist.gov/
- Security Web sites
- Vendor Web sites and support sites

Security Breach Notifications
- http://datalossdb.org

Security Intelligence Report volume 6 (July-December 2008)
Data Sources

Software Exploits
- Variety of public sources, including exploit archives, antivirus alerts, mailing lists, security related websites
- Customer support incidents and reports submitted to Microsoft
- Customer submissions of malicious software to the Microsoft Malware Protection Center
- Microsoft Security Bulletins: http://www.microsoft.com/technet/security

Security Intelligence Report volume 6 (July-December 2008)
Data Sources

Malicious Software and Potentially Unwanted Software
- Data from several hundred million computers worldwide
- Some of the busiest services on the Internet (e.g. Hotmail)
- During 2H08 MSRT executed 2.2 billion times
- Since January 2005 total MSRT executions surpass 15 billion

Table columns: Product Name; Main Customer Segment (Consumers, Business); Malicious Software (Scan and Remove, Real-time Protection); Spyware and Potentially Unwanted Software (Scan and Remove, Real-time Protection); Available at No Additional Charge; Main Distribution Methods

- Windows Malicious Software Removal Tool ● Prevalent Malware Families ● WU/AU Download Center
- Windows Defender ● ● ● ● Download Center Windows Vista
- Windows Live OneCare safety scanner ● ● ● ● Web
- Windows Live OneCare ● ● ● ● ● Web/Store Purchase
- Microsoft Forefront Online Security for Exchange ● ● ● Web
- Forefront Client Security ● ● ● ● ● Volume Licensing

Also data from Windows Live Search and the Microsoft Windows Safety Platform

Software Vulnerability Disclosure Trends

Industry Wide Software Vulnerability Disclosures
By half year, industry wide

- Disclosures in 2H08 down 3% from 1H08
- Disclosure for all of 2008 down 12% from 2007

Figure: Industry-wide vulnerability disclosures by half-year, 2H03-2H08

Software Vulnerability Disclosures
Severity of vulnerabilities – CVSS v2

- Disclosure of high severity vulnerabilities 3.8% higher than 1H08
- The highest severity rating accounts for 7.8% of all disclosures

Figure: Industry-wide vulnerability disclosures by severity, 2H08
- Low (0-3.9): 3.6%
- Medium (4-6.9): 43.8%
- High (7-9.8): 44.8%
- High (9.9 +): 7.8%

Figure: Industry-wide vulnerability disclosures by severity by half-year, 2H03–2H08 (series: Low, Medium, High)

Software Vulnerability Disclosures
Access complexity – Industry Wide

- Majority of disclosures are Low Complexity

Figure: Industry-wide vulnerability disclosures by access complexity, 2H03–2H08 (series: High Complexity, Med Complexity, Low Complexity)

Security Vulnerability Disclosures
Operating system, Browser and Application Disclosures – Industry Wide

- Operating system vulnerabilities – 8.8% of the total
- Browser vulnerabilities – 4.5% of the total
- Other vulnerabilities – 86.7% of the total

Figure: Industry-wide operating system, browser, and other vulnerabilities, 2H03-2H08

Security Vulnerability Disclosures
Microsoft Vulnerability Disclosures

- Microsoft vulnerability disclosures mirror the industry totals, though on a much smaller scale

Figure: Vulnerability disclosures for Microsoft products, 2H03-2H08
Figure: Vulnerability disclosures for Microsoft products, by year, 2004-2008

Security Vulnerability Disclosures
Microsoft vulnerability disclosures

- Microsoft vulnerability disclosures mirror the industry totals, though on a much smaller scale

Figure: Vulnerability disclosures for Microsoft and non-Microsoft products, 2H03-2H08 (series: Non-Microsoft, Microsoft)

Security Vulnerability Disclosures
Microsoft vulnerability disclosures

- Microsoft vulnerability disclosures mirror the industry totals, though on a much smaller scale

Figure: Microsoft vulnerability disclosures as a percentage of all industry disclosures, 2H03-2H08 (charted by half-year and by year, 2004-2008)

Security Vulnerability Disclosures
Responsible Disclosure Rates

Figure: Responsible vulnerability disclosures as a percentage of all disclosures involving Microsoft software, 1H05-2H08

Security Vulnerability Disclosures
Security Bulletins

Figure: Security Bulletins Released and CVEs addressed by half year, 1H05-2H08 (series: Unique CVEs, Bulletins)

- Microsoft consolidates multiple vulnerabilities into individual security bulletins to minimize update events

Software Vulnerability Exploit Trends

Microsoft Vulnerability Exploit Details
Browser-based exploits

- Data taken from user-reported incidents, submissions of malicious code, and Windows error reports
- Data from multiple operating systems and browsers

Browser-based exploits, by percentage, encountered in 2H08

| Exploit | Share |
| --- | --- |
| CVE_2007_0071_Adobe_Flash_Dowd | 10.3% |
| CVE_2008_1309_RealPlayer_rmoc3260_Console | 8.0% |
| ourgame_GLIEDown2_IEStartNative | 7.8% |
| MSRC_6206_MS06_014_MDAC_RDS | 7.5% |
| CVE_2007_5601_RealPlayer_IERPCtl | 6.0% |
| Sina_Downloader_DLoader_DownloadAndInstall | 4.9% |
| CVE_2007_5892_SSReader_pdg2_Register | 4.7% |
| CVE_2007_4816_BaoFengStorm_rawParse | 4.6% |
| CVE_2007_5064_Xunlei_Webthunder_DownURL2 | 3.9% |
| SSReader_pdg2_LoadPage | 3.0% |
| CVE_2007_0015_Apple_Quicktime_RTSP | 2.9% |
| Other | 36.4% |

Microsoft Vulnerability Exploit Details
Browser-based exploits by system locale

- The most common system locale was U.S. English at 32.4% of all incidents
- The second most common was Chinese at 25.6%

Browser-based exploits, by system locale of victim, encountered in 2H08

| System locale | Share |
| --- | --- |
| English (US) | 32.4% |
| Chinese (China) | 25.6% |
| Russian (Russia) | 7.9% |
| French (France) | 2.0% |
| German (Germany) | 1.9% |
| Italian (Italy) | 1.9% |
| Korean (Korea) | 1.8% |
| English (UK) | 1.6% |
| Spanish (Spain) | 1.5% |
| Other | 23.4% |

Microsoft Vulnerability Exploit Details
Browser-based exploits by operating system and software vendor

- On Windows XP-based machines, Microsoft vulnerabilities accounted for 40.9% of the exploits
- On Windows Vista-based machines, Microsoft vulnerabilities account for only 5.5% of the exploits

Browser-based exploits targeting Microsoft and third-party software on computers running Windows XP, 2H08: Microsoft 40.9%; 3rd Party 59.1%
Browser-based exploits targeting Microsoft and third-party software on computers running Windows Vista, 2H08: Microsoft 5.5%; 3rd Party 94.5%

Microsoft Vulnerability Exploit Details
Top 10 browser-based exploits on Windows XP-based machines

Figure: The 10 browser-based vulnerabilities exploited most often on computers running Windows XP, 2H08 (series: Microsoft Vulnerabilities, Third-Party Vulnerabilities)
- MSRC_6206_MS06_014_MDAC_RDS
- CVE_2008_1309_RealPlayer_rmoc3260_Console
- CVE_2007_5892_SSReader_pdg2_Register
- MSRC_6726_MS06_057_WebViewFolderIcon
- MSRC_5651_MS05_014_createControlRange
- MSRC_6999_MS06_071_MSXML_setRequestHeader
- ourgame_GLIEDown2_IEStartNative
- CANDIDATE_MSRC_8759_MSHTML_CXfer_TransferFromSrc
- CVE_2007_0015_Apple_Quicktime_RTSP
- MSRC_6779_MS06_055_VML

Microsoft Vulnerability Exploit Details
Top 10 browser-based exploits on Windows Vista-based machines

- On Windows Vista-based machines Microsoft software accounted for none of the top 10 vulnerabilities

Figure: The 10 browser-based vulnerabilities exploited most often on computers running Windows Vista, 2H08 (series: Third-Party Vulnerabilities)
- CVE_2007_0071_Adobe_Flash_Dowd
- ourgame_GLIEDown2_IEStartNative
- CVE_2008_1309_RealPlayer_rmoc3260_Console
- CVE_2007_5601_RealPlayer_IERPCtl
- CVE_2007_4816_BaoFengStorm_rawParse
- CVE_2007_5892_SSReader_pdg2_Register
- CVE_2007_5064_Xunlei_Webthunder_DownURL2
- SSReader_pdg2_LoadPage
- CVE_2007_0015_Apple_Quicktime_RTSP
- CVE_2007_5659_AdobeAcrobat_collectEmailInfo

Security Breach Trends

Security Breach Trends
Study details

- Study of publicly reported security breaches worldwide
- Hacking and viruses less than 20% of all notifications in 2H08
- 50% of breaches in 2H08 resulted from stolen equipment

Figure: Security breach incidents by type, expressed as percentages of the total, 2H07-2H08 (series: 2H07, 1H08, 2H08)
Incident types charted: Stolen equipment; "Hack"; Lost equipment; Accidental web; Fraud; Snail mail; Disposal; Malware; Missing

Malicious and Potentially Unwanted Software

Malicious And Potentially Unwanted Software
Operating system trends

The infection rate of:
- Windows Vista SP1 was 60.6% less than Windows XP SP3
- Windows Vista with no service pack was 89.1% less than Windows XP with no service pack installed

| Operating system | # of Computers Cleaned per 1000 executions |
| --- | --- |
| Windows XP RTM | 33.6 |
| Windows XP SP1 | 25.2 |
| Windows XP SP2 | 12.9 |
| Windows XP SP3 | 6.5 |
| Windows Vista RTM | 3.7 |
| Windows Vista SP1 | 2.6 |
| Windows Vista RTM (64-bit) | 3.0 |
| Windows Vista SP1 (64-bit) | 2.5 |
| Windows 2000 SP4 | 3.8 |
| Windows Server 2003 SP2 | 2.7 |
| Windows Server 2008 RTM | 1.3 |
| Windows Server 2008 RTM (64-bit) | 0.6 |

Malicious and Potentially Unwanted Software
The Threat Landscape at Home and in the Enterprise

Figure: Family categories detected by Windows Live OneCare and Forefront Client Security, by percentage of the total number of infected computers cleaned by each program, in 2H08
Categories charted: Misc. Trojans; Trojan Downloaders & Droppers; Misc. Potentially Unwanted Software; Adware; Worms; Password Stealers & Monitoring Tools; Backdoors; Malware; Exploits; Spyware

- Infection patterns mirror usage patterns
- Worms are more prevalent in enterprise environments
- Trojans are more prevalent in home environments

Malicious And Potentially Unwanted Software
Category Trends

Figure: Computers cleaned by threat category, in percentages, 2H06-2H08
Categories charted: Misc. Trojans; Trojan Downloaders & Droppers; Misc. Potentially Unwanted Software; Adware; Worms; Password Stealers & Monitoring Tools; Backdoors; Malware; Exploits; Spyware
Circular markers denote malicious software, square markers denote potentially unwanted software

Malicious and Potentially Unwanted Software
Family trends in 2H08, all Microsoft anti-malware desktop products worldwide

| Rank | Family | Most Significant Category | Infected Computers |
| --- | --- | --- | --- |
| 1 | Win32/Renos | Trojan Downloaders & Droppers | 4,371,508 |
| 2 | Win32/Zlob | Trojan Downloaders & Droppers | 3,772,217 |
| 3 | Win32/Vundo | Miscellaneous Trojans | 3,635,207 |
| 4 | Win32/ZangoSearchAssistant | Adware | 3,326,275 |
| 5 | Win32/Taterf | Worms | 1,916,446 |
| 6 | Win32/ZangoShoppingreports | Adware | 1,752,252 |
| 7 | Win32/FakeXPA | Miscellaneous Trojans | 1,691,393 |
| 8 | Win32/FakeSecSen | Miscellaneous Trojans | 1,575,648 |
| 9 | Win32/Hotbar | Adware | 1,477,886 |
| 10 | Win32/Agent | Miscellaneous Trojans | 1,289,178 |
| 11 | ASX/Wimad | Trojan Downloaders & Droppers | 1,168,724 |
| 12 | Win32/BaiduSobar | Misc. Potentially Unwanted Software | 1,131,180 |
| 13 | Win32/Frethog | Password Stealers & Monitoring Tools | 1,037,451 |
| 14 | Win32/Antivirus2008 | Misc. Potentially Unwanted Software | 1,034,897 |
| 15 | Win32/Playmp3z | Adware | 996,272 |

Italics indicate rogue security software-related families

Malicious and Potentially Unwanted Software
Global Infection Counts

| Country/Region | Computers Cleaned in 2H08 |
| --- | --- |
| United States | 13,245,712 |
| China | 3,558,033 |
| United Kingdom | 2,225,016 |
| France | 1,815,639 |
| Brazil | 1,654,298 |
| Spain | 1,544,623 |
| Korea | 1,368,857 |
| Germany | 1,209,461 |
| Italy | 978,870 |
| Canada | 916,263 |
| Mexico | 915,605 |
| Turkey | 768,939 |
| Netherlands | 641,053 |
| Russia | 604,598 |
| Taiwan | 466,929 |
| Australia | 464,707 |
| Japan | 417,269 |
| Poland | 409,532 |
| Portugal | 337,313 |
| Sweden | 287,528 |
| Belgium | 267,401 |
| Denmark | 224,021 |
| Norway | 203,952 |
| Colombia | 164,986 |
| Switzerland | 163,156 |

The 25 locations with the most computers cleaned by Microsoft anti-malware desktop products in 2H08

Malicious And Potentially Unwanted Software
Infection rates by country/region in 2H08

Malicious And Potentially Unwanted Software
Normalized infection rates by country/region - MSRT

Locations with the highest infection rates by CCM, 2H08

| Country/Region | 2H08 average CCM (computers cleaned per 1000 executions of MSRT) |
| --- | --- |
| Serbia, Montenegro | 77.0 |
| Russia | 21.1 |
| Brazil | 20.9 |
| Turkey | 20.5 |
| Spain | 19.2 |
| Saudi Arabia | 18.5 |
| Korea | 18.3 |
| Egypt | 16.5 |
| Mexico | 15.9 |
| Guatemala | 13.9 |

Locations with the lowest infection rates by CCM, 2H08

| Country/Region | 2H08 average CCM (computers cleaned per 1000 executions of MSRT) |
| --- | --- |
| Vietnam | 1.3 |
| Philippines | 1.4 |
| Macao S.A.R | 1.5 |
| Japan | 1.7 |
| Morocco | 2.1 |
| Pakistan | 2.2 |
| Austria | 2.3 |
| Luxembourg | 2.5 |
| Algeria | 2.6 |
| Finland | 2.6 |

- South Africa heat map infection rate (CCM) was 6.6 in 2H08
  - i.e. 6.6 systems infected for every 1,000 systems MSRT executed on
- Noticeably lower than worldwide average of 8.6

Malicious And Potentially Unwanted Software
Geographic trends by location

- Significant differences in threat patterns worldwide

Figure: Threat categories worldwide and in the eight locations with the most infected computers, by incidence, among all computers cleaned by Microsoft desktop anti-malware products, 2H08
Locations charted: WW; United States; China; United Kingdom; France; Brazil; Spain; Korea; Germany
Categories charted: Misc. Trojans; Trojan Downloaders & Droppers; Misc. Potentially Unwanted Software; Adware; Worms; Password Stealers & Monitoring Tools; Backdoors; Malware; Exploits; Spyware

Top Threats in South Africa
Disinfected Threats by Category in 2H08

| Category | Infected Computers | Trend from 1H08 |
| --- | --- | --- |
| Worms | 24,318 | +317.8% |
| Miscellaneous Trojans | 17,773 | +130.4% |
| Trojan Downloaders and Droppers | 15,103 | +39.8% |
| Miscellaneous Potentially Unwanted Software | 14,727 | -13.4% |
| Adware | 9,715 | -18.3% |
| Backdoors | 5,815 | +122.7% |
| Password Stealers and Monitoring Tools | 5,674 | +356.5% |
| Viruses | 3,069 | +228.6% |
| Spyware | 608 | -29.3% |
| Exploits | 534 | +111.1% |
| TOTAL | | +64.6% |

Pie chart shares: Worms 25.0%; Trojans 18.3%; Downloaders and Droppers 15.5%; PUS 15.1%; Adware 10.0%; Backdoors 6.0%; PWS and monitoring tools 5.8%; Viruses 3.2%; Spyware 0.6%; Exploits 0.5%

Data from All Microsoft Security Products
Top 10 Families in South Africa, 2H08

| Rank | Family | Category | Infected computers | Trend |
| --- | --- | --- | --- | --- |
| 1 | Win32/Taterf | Worm | 11,940 | +579.2% |
| 2 | Win32/Zlob | Trojan Downloaders & Droppers | 9,037 | -5.9% |
| 3 | Win32/Renos | Trojan Downloaders & Droppers | 6,753 | +262.3% |
| 4 | Win32/Rjump | Worm | 5,404 | +228.1% |
| 5 | Win32/Vundo | Miscellaneous Trojans | 4,517 | +80.0% |
| 6 | Win32/ZangoSearchAssistant | Adware | 3,663 | +20.4% |
| 7 | Win32/Frethog | Password Stealers & Monitoring Tools | 2,722 | NEW |
| 8 | Win32/FakeSecSen | Miscellaneous Trojans | 2,692 | NEW |
| 9 | Win32/Hamweq | Worm | 2,425 | NEW |
| 10 | Win32/SeekmoSearchAssistant | Adware | 2,409 | -8.4% |

Top Threats in South Africa
Prevalent Families

Win32/Taterf is significantly more prevalent in South Africa
- ASX/Taterf is #1 in South Africa, #5 worldwide
- A family of worms that spread via mapped drives to steal login & account details for popular online games

Win32/Rjump and Win32/Frethog are significantly more prevalent in South Africa
- Win32/Rjump is #4 in South Africa, #22 worldwide
- Worm that spreads via newly attached media
- Win32/Frethog is #7 in South Africa, #13 worldwide
- Password stealer targeting login & account details for popular online games

Top Threats in South Africa
Prevalent Families - Summary

Of the top families:
- 8 of the top 10 are malware
- 20 out of the top 25 families are malware
- Only 2 of the top 10 are potentially unwanted software, such as adware
- Top 25 families accounted for 91.0% of the total infected machines in South Africa

Spam, Phishing, Drive-bys

E-Mail Threats
Spam Trends and Statistics

Inbound messages blocked by Forefront Online Security for Exchange content filters, by category, during the last six weeks of 2H08
- Pharmacy - non sexual: 38.6%
- Non-pharmacy product ads: 23.6%
- Pharmacy - sexual: 10.0%
- Image only: 7.3%
- Dating/Sexually Explicit Material: 5.2%
- Financial: 3.1%
- Fraudulent Diplomas: 2.8%
- 419 Scam: 1.9%
- Malware: 1.8%
- Get Rich Quick: 1.7%
- Phishing: 1.6%
- Gambling: 1.1%
- Stock: 0.6%
- Software: 0.5%

E-Mail Threats
Spam Trends and Statistics

Figure: Inbound messages blocked by Forefront Online Security for Exchange content filters, by category, 1H08-2H08 (series: 1H08, 2H08)

- Product advertising dominated spam volumes
- Spam promoting stocks declined sharply

Malicious Site Analysis
Phishing sites by country/region by percentage of all phishing sites worldwide in 2H08

Malicious Site Analysis
Phishing sites in the United States by percentage of all phishing sites nationwide in 2H08

Malicious Site Analysis
Malware hosting sites by country/region by percentage of all malware hosting sites worldwide in 2H08

Malicious Site Analysis
Malware hosting sites by country/region by percentage of all malware hosting sites worldwide in 2H08

Analysis of Drive-By Download Pages
Example of a Drive-By Download Attack

Analysis of Drive-By Download Pages
Geographic Distribution of Drive-by Download Pages

Resources
- www.microsoft.com/teched: Sessions On-Demand & Community
- http://microsoft.com/technet: Resources for IT Professionals
- http://microsoft.com/msdn: Resources for Developers
- www.microsoft.com/learning: Microsoft Certification & Training Resources

Related Content
- End to End Trust (SIA101)
- Security Management and Protection: What's in Microsoft Forefront Client Security Version 2 (SIA203)
- Targeting SPAM with Forefront (SIA204)
- Deploying Windows 7 BitLocker in the Enterprise (WCL308)
- Next Generation Messaging and Collaboration Protection Drilldown (SIA301)
- Windows Internet Explorer 8 Security, Inside and Out (WCL305)
- 12 Tips to Secure Your Windows Systems, Revisited: How Windows Vista, Windows Server 2008, and Windows 7 Change the Game (WSV301)
- Overview of Microsoft Forefront Unified Access Gateway (SIA305)
- Access and Protection: A Technical Preview and Deep Dive of the Next Generation of Microsoft ISA Server (SIA303)
- Developing a Security Awareness Strategy (SIA202)
- Cybercrime: A Journey to the Dark Side (SIA310)

Track Resources
www.microsoft.com/sir
www.microsoft.com/msrc
www.microsoft.com/mmpc
www.microsoft.com/msec

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

question & answer