Gulf Cooperation Council (Bahrain, Kuwait, Oman, Qatar, Saudi Arabia, and United Arab Emirates)

Overall, Microsoft security products detected malware and potentially unwanted software on 42.6 percent more computers in the states of the Gulf Cooperation Council (GCC) in 1H08 than in 2H07. Figure 54 lists the infection rates (CCM) for each of the GCC member states.

Figure 54. Infection rates (CCM) for the states of the Gulf Cooperation Council in 1H08

(Infection rates are rounded to one decimal place. Percentage changes have
been calculated before rounding.)

Figure 55 and Figure 56 list the most common malware and potentially unwanted software categories and families detected by Microsoft security products in the states of the GCC in 1H08.

Figure 55. Malware and potentially unwanted software in Gulf Cooperation Council states, by category, in 1H08

Observations:

  • The most common category in the GCC states is ".. Trojan Downloaders and Droppers," which accounts for 26.5 percent of all infected computers, with the total number of infected computers decreasing 1.5 percent from 2H07.
  • The second most common category in the GCC states is "Other Trojans," which includes trojan families that are not classified as downloaders/droppers or backdoors. It accounts for 23.5 percent of all infected computers, with the total number of infected computers increasing 185.5 percent from 2H07.

    Figure 56. Top 25 families in Gulf Cooperation Council states in 1H08

    Gulf Cooperation Council (Bahrain, Kuwait, Oman, Qatar, Saudi Arabia, and the United Arab Emirates)

    Observations:

    • The top 25 families account for 77.5 percent of all infected computers.
    • Six of the top 25 families are potentially unwanted software families.
    • All of the top 10 families are malware.
    • Win32/Zlob, Win32/Renos, and Win32/Vundo, three common families worldwide, are also prevalent in the GCC states.
      • Win32/Zlob, the most common threat in the world and the GCC states, was detected on 5.5 percent more computers in 1H08 than in 2H07. See "Win32/Zlob" in Trends and Analysis, on page 59, for more information about this family of trojan downloaders.
      • Win32/Renos, the fourth most common family worldwide, ranks fifth in the GCC states. It was detected on 11 percent fewer computers in the GCC states in 1H08 than in 2H07.
      • Win32/Vundo, also known as Win32/Virtumonde, was added to the MSRT in March 2008 and has been heavily detected by several Microsoft security products. It is the second most common threat in the world and the sixth most common threat in the GCC states. See "Win32/Vundo and Win32/Virtumonde" in Trends and Analysis, on page 60, for more information about this family of trojans.
    • Win32/Taterf, the seventh most common family worldwide, ranks second in the GCC states. Win32/Taterf is a family of worms that spread via mapped drives to steal login and account details for popular online games. See "Online Gaming-Related Families" in Trends and Analysis, on page 62, for more information about this family of worms.
    • Win32/RJump, the ninth most common family worldwide, ranks third in the GCC states. It was detected on 17.3 percent more computers in the GCC states in 1H08 than in 2H07. Win32/RJump is a worm that attempts to spread by copying itself to newly attached media (such as USB memory devices or network drives). It also contains backdoor functionality that allows an attacker unauthorized access to an affected computer.

  • Win32/Brontok, the twentieth most common family worldwide, ranks fourth in the GCC states. Win32/Brontok is a family of mass-mailing e-mail worms. The worm spreads by sending a copy of itself as an e-mail attachment to e-mail addresses that it gathers from files on the infected computer. It can also copy itself to USB and pen drives. Win32/Brontok can disable antivirus and security software, immediately terminate certain applications, and cause Windows to restart immediately when certain applications run. The worm may also conduct denial of service (DoS) attacks against certain Web sites.
  • Win32/C2Lop, the eighth most common family in the GCC states, is not among the 25 most common families worldwide. Win32/C2Lop modifies Web browser settings, adds Web browser bookmarks to advertisements, updates itself, and delivers pop-up and contextual advertisements.
  • Win32/Advantage, the thirteenth most common family worldwide, ranks fifteenth in the GCC states. It was detected on 1,084 percent more computers in the GCC states in 1H08 than in 2H07. Win32/Advantage is a family of adware that displays pop-up advertisements and contacts a remote server to download updates.

security Intelligence Report