Skip to main content
Skip to main content
Microsoft Security

Understanding the geography of malware

  • Microsoft Secure Blog Staff

Threat patterns are constantly shifting, and our latest security intelligence report zeroes in on some of the world’s malware hot spots. For more than 10 years, Microsoft has carefully studied the evolving cyber threat landscape and shared findings with the wider security community.  We base our analysis on one of the most complete security data sets in the world, which includes data gathered from more than 600 million computers worldwide.

Microsoft collects, analyzes and reports detailed data related to exploits, vulnerabilities and malware twice a year in our Security Intelligence Report (SIR). We determine malware infection rates using the computers cleaned per mille (thousand) formula. This method represents the number of computers cleaned for every 1,000 executions of the Microsoft Malicious Software Removal Tool (MSRT), a free tool distributed by Microsoft that removes more than 200 highly prevalent or serious threats from computers.

As in the previous years, during the second half of 2015 we saw uneven rates of infection around the globe. Iraq, Libya, Mongolia, Pakistan and the Palestinian territories had the highest infection rates overall. In contrast, Denmark, Finland, Iceland, Norway and Sweden have been among the healthiest locations in the world with regard to malware exposure — the infection rates for these locations were typically about half of the worldwide average.


Infection rate information can help provide a broader picture of the threat landscape by offering perspectives on how threats propagate and computers become infected.

Defend your organization against escalating risks

Worldwide, the malware infection rate increased in the final quarter of the year, from 6.1 computers cleaned per mille in the third quarter of 2015 to 16.9 in the fourth quarter. Our research reveals the increase during 2015 was largely due to Win32/Diplugem, a software family that modifies web browsers so that users see extra advertisements while browsing. When calculating these rates, only computers whose users have opted in to provide data to Microsoft are considered.

Microsoft strives to make the SIR one of the most useful sources of information about cyber threats and mitigation. Systematic analysis and comparison of areas highly impacted by malware against those least affected can help uncover the various technical, economic, social and political factors that influence regional malware infection rates.

It’s our belief that informing policymakers and IT professionals about malware trends will help them understand and manage risk better, both regionally and worldwide. I encourage you to use the report to assess your own situation and help defend against the most significant risks to your organization.

To understand security threats in your region or view the current or previous editions of the SIR, visit  For more information about Microsoft Security products and solutions – visit us at Microsoft Secure