Microsoft: Trojans are huge and China is tops in browser exploits
The Microsoft Security Intelligence Report shows Trojans continue to dominate the field of malware, emerging markets are at greater risk for infection, and vulnerability rates are going down overall.
Three things you might not know: Vulnerabilities are decreasing but becoming easier to exploit. Trojans are the biggest threat. And Chinese computers are infected with more browser-based exploits than anywhere else.
Those are findings in the Microsoft Security Intelligence Report, due to be released on Monday. Covering the first half of this year, the report provides statistics compiled from Microsoft's Malware Protection Center that reveal trends about threats, breaches, and infection rates.
"Industrywide, we've seen a decrease in the last 12 months in vulnerabilities across products," down nearly 20 percent from the year-ago period, George Stathakopoulos, general manager of Microsoft's Trustworthy Computing Group, said in an interview.
Meanwhile, the percentage of disclosed vulnerabilities that are easiest to exploit increased, with 56 percent requiring a low complexity exploit, according to the report.
Operating system vulnerabilities continued to decline, representing about 6 percent of disclosed vulnerabilities with more than 90 percent found in applications.
And vulnerabilities in Microsoft software continued to trend down, by about one-third from the second half of 2007. About one-third of vulnerabilities disclosed in Microsoft software had publicly available exploit code.
Microsoft released patches for 77 security vulnerabilities during the first half of 2008, with 25 having publicly available exploit code.
The total amount of malware and unwanted software removed from computers worldwide in the first half of the year increased more than 43 percent from the second half of last year. Trojan downloaders accounted for more than 30 percent of that.
Of the computers serviced by Microsoft's Malicious Software Removal Tool, which runs on every PC that gets Windows updates, an average of 10 out of 1,000 are found to be infected worldwide, Stathakopoulos said. In the U.S. the infection number is 11.2 per 1,000. The lowest infection rate is in Japan, at 1.8 infected computers per 1,000, and at the other end is Afghanistan at 76 machines per 1,000, he said.
Downloaders or droppers, software that drops back doors on to computers, remained the most prevalent threat category. More than 96 percent of the computers cleaned in this category were attributed to two Trojan families: Win32/Zlob and Win32/Renos, the report said.
"Defenses against viruses and spyware work pretty well," said John Pescatore, an analyst at Gartner. "But the numbers are growing for Trojans; things are getting right through the antivirus and spyware software. It's not stopping the targeted malicious executables."
The changing landscape of vulnerabilities, with social engineering attacks plaguing PCs, along with pop-up ads and scareware, means companies should change their strategy for how they protect the corporate network, said Don Retallack, an analyst at Directions on Microsoft.
"Companies and organizations may want to do some employee training rather than counting on (software) configuration management," he said.
The report also has some interesting statistics specific to different countries. For instance, China has a high level of browser-based exploits, accounting for 47 percent of all incidents, followed by the U.S. with 23 percent of incidents, the report found.
China is at the top of the list because the software developers there are not as disciplined in writing code with security in mind and the huge market is an attractive target for malware writers, Stathakopoulos said.
In Brazil, password stealers dominate; viruses are big in Spain; in Italy it's unwanted software led by the peer-to-peer client Wi32/BearShare; while in Korea viruses are the biggest threat.