Recently we have published articles on the threat landscape in many different parts of the world including the European Union (part 1, 2, 3), Africa, Asia (part 1, 2, 3) and Oceania. The analysis in these articles is based on data and insights from the Microsoft Security Intelligence Report volume 12 (SIRv12) and previous volumes of the report.
Although I have written about some individual locations in the Middle East in the past, to date I have not done a more thorough analysis of a broader set of the most active locations in the region. That’s what this series of articles is focused on. I’m going to provide data, analysis and insights into the threat landscape in the following locations: Iraq, Israel, Palestinian Authority (West Bank and Gaza Strip), Qatar, and Saudi Arabia. These locations are among the most active in the region and provided enough telemetry data in the second half of 2011 to be confident in the findings. There might be locations in the region that you are interested in, but are not included in the series. I wrote about Egypt, for example, in my series on Africa, so it won’t be included again in this analysis.
As you can see from the malware infection rate heat maps below, the infection rates of some locations in the Middle East changed between the third (3Q11) and fourth (4Q11) quarters of 2011.
Figure 1 (top): Infection rates by country/region in 3Q11, by computers cleaned per mille (CCM); Figure 2 (bottom): Infection rates by country/region in 4Q11, by CCM
Looking at the specific malware infection rates for the aforementioned locations quarter by quarter in 2011 reveals some interesting trends as seen in Figure 3. The malware infection rate of every one of these locations was above the worldwide average in all four quarters of 2011. The number of computers cleaned per 1,000 scanned (CCM) by the Microsoft Malicious Software Removal Tool (MSRT) trended down steeply for Qatar in the first half of the year. The infection rates for other locations like Oman, Saudi Arabia, Lebanon, Kuwait and Israel generally trended down during the year. Iraq’s and Syria’s CCMs saw the largest CCM increases in the region during 2011 while Jordan’s and Bahrain’s CCMs ended the year not far from where they started it. The Palestinian Authority’s CCM was the highest in the region in the second half of 2011 with a CCM of 27.1 in 3Q11 and 29.9 in 4Q11. The Palestinian Authority’s CCM in the second half of 2011 was the second highest in the world, just below that of Pakistan (32.9 in 4Q11). It is also worth mentioning that Egypt’s CCM (22.1) ended the year just above Iraq’s CCM (22.0) making it the second most infected location in the region; for more details on the threat landscape in Egypt please see my article on Africa. Israel had the lowest CCM in the region during the last three quarters of the year, but it remained above the worldwide average.
Figure 3: Malware infection rates by country/region by quarter in 2011, including the worldwide average
Qatar: The Curious Case of Qatar Revisited
Late last year I wrote an article examining the threat landscape in Qatar. The malware infection rate (CCM) for Qatar in the first quarter of 2011 (1Q11) was 61.5; for every 1,000 systems that the Microsoft Malicious Software Removal Tool (MSRT) executed on in Qatar in 1Q11, 61.5 systems were found to be infected with malware. The prevalence of worms in Qatar was well above the worldwide average with Win32/Rimecud, Win32/Autorun, and Win32/Conficker all contributing to this high CCM.
Since 1Q11, the Computer Emergency Response Team (CERT) in Qatar has been focused on reducing the malware infection rate in the region and has made significant progress. The CCM in Qatar declined from 61.5 in 1Q11 to 13.5 in 4Q11.
Figure 4: CCM infection trends in Qatar and worldwide
Worms are still detected on systems in Qatar at much higher levels than the worldwide average, but the drastic reduction in the malware infection rate is great news.
Figure 5: Malware and potentially unwanted software categories in Qatar in 4Q11, by percentage of cleaned computers affected (totals exceed 100 percent because some computers are affected by more than one kind of threat)
Figure 6: The top 10 malware and potentially unwanted software families in Qatar in 4Q11
I asked Microsoft’s Chief Security Advisor for the Gulf region, Cyril Voisin, what actions people in Qatar can take to defend themselves from these threats. Cyril had some great advice including:
- Make sure you will receive the latest security updates from Microsoft by installing the free Service Pack 3 on your machines running Windows XP. To check what service pack you have installed, click Start, right-click My Computer, and then click Properties. Windows XP users can get more information and download Windows XP Service Pack 3 for free from here.
- Mitigate the Autorun-feature abuse by installing this free security update on your machines running Windows XP and Windows Vista. As many of the threats found in Qatar were abusing the Autorun-feature to propagate, applying this one security update will have a positive impact on the number of systems infected in Qatar.
- Make sure you’re not using any trivial password that threats can just guess to penetrate your systems. Instead, use strong passwords to help defend systems against Win32/Rimecud (a.k.a. Mariposa botnet) and Win32/Autorun
- Install antimalware software from a trusted source and keep it up to date. Many reputable antivirus companies offer free scans such as this one, and Microsoft offers Microsoft Security Essentials for free.
In the next part of this series on the threat landscape in the Middle East, I will examine the locations with the highest malware infection rates in the region: the Palestinian Authority and Iraq.
Windows Phone Application