Threat Categories By Location
There are significant differences in the types of threats that affect users in different parts of the world. The spread and effectiveness of malware are highly dependent on language and cultural factors, in addition to the methods used for distribution. Some threats are spread using techniques that target people who speak a particular language or who use services that are local to a particular geographic region. Other threats target vulnerabilities or operating system configurations and applications that are unequally distributed around the globe.
The table below shows the relative prevalence of different categories of malware and potentially unwanted software in several locations around the world in 2Q11.
Threat category prevalence worldwide and in 10 individual locations, 2Q11

- Within each row of the table, a darker color indicates that the category is more prevalent in the specified location than in the others, and a lighter color indicates that the category is less prevalent.
- The United States and the United Kingdom, two predominantly English-speaking locations that also share a number of other cultural similarities, have similar threat mixes in most categories.
- While France had lower than average detection rates in most categories, adware was found on 72.4 percent of computers reporting detections, a rate nearly twice as high as the worldwide average. The top 6 families detected in France in 2Q11 were adware families, with all others far behind.
- Italy experienced a rise in Adware detections similar to that of France, due to increased detections of many of the same families. A new family, Adware:Win32/OfferBox, was the top family in both France and Italy in 2Q11.
- Brazil has long had higher than average detections of Password Stealers & Monitoring Tools due to the prevalence of Win32/Bancos, which targets customers of Brazilian banks. Detections of Password Stealers & Monitoring Tools are still high, but a number of other categories have also risen to significantly above average due to increased detections of families like JS/Pornpop, HTML/IframeRef, and Win32/OpenCandy.
- China has a relatively high concentration of Miscellaneous Potentially Unwanted Software, Backdoors, and Spyware, and a relatively low concentration of Adware. China routinely exhibits a threat mix that is much different than those of other large countries and regions, featuring a number of Chinese-language families like Win32/BaiduSobar that are uncommon elsewhere. The most common families in China also include an exploit, JS/CVE-2010-0806, that was less prevalent elsewhere.
Threat Families
The table below lists the top 10 malware and potentially unwanted software families that were detected on computers by Microsoft desktop security products in the first half of 2011.
Quarterly trends for the top 10 malware and potentially unwanted software families detected by Microsoft anti-malware desktop products in 1Q11 and 2Q11, shaded according to relative prevalence

- Win32/OpenCandy was the most commonly detected family in 1H11 overall. OpenCandy is an adware program that may be bundled with certain third-party software installation programs, for which detection was first added in February 2011. Some versions of the OpenCandy program send user-specific information without obtaining adequate user consent, and these versions are detected by Microsoft’s anti-malware products.
- JS/Pornpop, the second most commonly detected family in 1H11 overall, is a detection for specially crafted JavaScript-enabled objects that attempt to display pop-under advertisements in users’ web browsers. Initially, JS/Pornpop appeared exclusively on websites that contained adult content; however, it has since been observed to appear on websites that may contain no adult content whatsoever. First detected in August 2010, it grew quickly to become one of the most prevalent families in the world.
- Win32/Hotbar, the most commonly detected family in 2Q11 and the third most commonly detected family in 1H11, is adware that installs a browser toolbar that displays targeted pop-up ads based on its monitoring of web browsing activities. Hotbar has existed for several years, but its prevalence increased significantly beginning in 1Q11.
- Win32/Autorun, the fourth most commonly detected family in 1H11, is a generic detection for worms that spread between mounted volumes using the AutoRun feature of Windows. AutoRun detections had been increasing steadily for several quarters before declining slightly in 2Q11, following the February release of a security update that changed the way the AutoPlay feature works in Windows XP and Windows Vista.
- The adware family Win32/ClickPotato, the fifth most commonly detected family in 1H11, was first detected in August 2010 and rose quickly to occupy the third spot in 1Q11 before rapidly declining in 2Q11. ClickPotato is a program that displays pop-up and notification-style advertisements based on the user’s browsing habits.