Microsoft Security Intelligence Report Vol.7

The Microsoft Security Intelligence Report (SIR) is a comprehensive and wide-ranging study of the evolving threat landscape, and addresses such topics as software vulnerability disclosures and exploits, malicious software (malware), and potentially unwanted software.

Download volume 7 of the Security Intelligence Report and Key Findings Summary (available in 10 languages).

Volume 7 of the Security Intelligence Report (SIR v7) covers the first half of 2009 (January through June). It includes data derived from more than 450 million computers worldwide, each running Windows. It also draws data from some of the busiest services on the Internet, such as Windows Live Hotmail and Bing.

SIR v7 provides a detailed analysis of the threat landscape, as well as actionable guidance for IT professionals to help mitigate these threats. In this volume, the analysis is from the perspective of the three Microsoft Trustworthy Computing Security Centers in addition to several Microsoft product groups.

The research is extensive and we encourage you to download the report.

Highlights of the SIR v7 include:

• Worm infections are growing.
• Rogue security software continues to be a major threat.

Microsoft Malware Protection Center

The Microsoft Malware Protection Center (MMPC) is a global team of experienced malware research and response specialists dedicated to helping protect customers from new threats including viruses, worms, spyware, adware, and other malicious and potentially unwanted software.

For SIR v7 the MMPC provides an in-depth examination of the rising trend in malware and potentially unwanted software proliferation around the world.

This map shows regional infection rates based on the number of infected computers discovered per 1000 executions of the Malicious Software Removal Tool (MSRT).

Microsoft Security Engineering Center

The Microsoft Security Engineering Center (MSEC) provides security guidance to Microsoft product groups, helps implement the industry-leading software Security Development Lifecycle (SDL), and deploys applied security science and technology that helps improve future products and helps protect Microsoft customers.

In this volume of the SIR, the MSEC reports on exploits against browser-based software and Microsoft Office documents and examines trends in drive-by download exploits.

Microsoft Security Response Center

The Microsoft Security Response Center (MSRC) is a leading security risk analysis and management center that helps identify, monitor, resolve, and respond to security incidents and Microsoft software security vulnerabilities 24 hours a day, seven days a week. On constant alert for security issues, the MSRC monitors security newsgroups, responds to e-mail messages sent to secure@microsoft.com, and manages a company-wide security update release process.