Malware

Home and Enterprise Threats

The behavior patterns of home users and enterprise users tend to be very different:

  • Enterprise users typically use computers to perform business functions and may have limitations placed on their Internet and email usage.
  • Home users are more likely to use their computers for entertainment purposes, like playing games, watching videos, and communicating with friends.

These different behavior patterns mean that home users tend to be exposed to a different mix of computer threats than enterprise users.

Domain-Joined Computers
Non-Domain Computers

Top 10 families detected on domain-joined computers

Top 10 families detected on domain-joined computers, 3Q10–2Q11, by percentage of domain-joined computers reporting detections

Top 10 families detected on domain-joined computers, 3Q10–2Q11, by percentage of domain-joined computers reporting detections

Click on the Image to Enlarge

Top 10 families detected on domain-joined computers, 3Q10–2Q11, by percentage of domain-joined computers reporting detections

Click on the Image to Enlarge

  • Six families are common to both lists, although they are ordered differently and in different proportions. The generic detectionWin32/Autorun and the adware family Win32/OpenCandy are high on both lists.
  • Worms accounted for the top three families detected on domain-joined computers. Win32/Conficker and Win32/Rimecud, the first and third families on the list, are both designed to propagate via network shares, which are common in domain environments. Conficker has declined slowly over the past four quarters, and dropped two percentage points between 1Q11 and 2Q11.
  • Families that are significantly more prevalent on domain-joined computers include Conficker and the potentially unwanted software program Win32/RealVNC. RealVNC is a program that enables a computer to be controlled remotely, similar to Remote Desktop Services. It has a number of legitimate uses, but attackers have also used it to gain control of users’ computers for malicious purposes.
  • Java/CVE-2010-0840, an exploit that targets a vulnerability in older versions of Oracle Java SE and Java for Business, was the ninth most commonly detected threat on domain-joined computers. It is the only exploit to appear on either list.
  • The virus family Win32/Sality, which was not among the top 10 families detected on domain-joined computers in 2010, ranks tenth in the latest chart. Detections of Sality have not significantly increased over the past four quarters, but significant declines in detections of formerly prevalent families such as Win32/Taterf, Win32/Hamweq, and Win32/Renos have enabled less common families like Sality to make the list.
  • As with domain-joined computers, a number of formerly prevalent families no longer appear on the list of the top threats detected on non-domain computers. Among these are the worm families Taterf and Conficker, and the rogue security software family Win32/FakeSpypro.
Top of page Top of Page
SIR

Locations

United States Change All Microsoft Sites

Search

Feedback:

Was the information in this article helpful?