Today we are pleased to announce the availability of a new Microsoft Security Intelligence Report (SIR) desktop application. This app works on Windows 7 and Windows 8 and is designed to provide our readers with an enhanced way to access the vast amount of threat intelligence contained in the SIR. Here’s a summary of the new SIR app’s key features:..
For the past three and a half years, Win32/Conficker has been the top threat found in enterprise environments. We have reported on Conficker in the Microsoft Security Intelligence Report since the second half of 2008. No new variants of Conficker have been released in years and the methods it uses to propagate are well known, but once it finds its way into an environment, it can be difficult to eliminate.
Systems that host and distribute malware are located all over the world. These systems have typically been compromised and are being used for illicit purposes unbeknownst to the administrators of the systems. These compromised machines can be personal computers located in homes and small businesses, as well as servers in data centers.
Some background information
To get a sense of how attackers use malware hosting servers, just look at drive-by download attacks as one example. A drive-by download site is a website that hosts one or more exploits that target specific vulnerabilities in web browsers and browser add-ons. Malware distributors use various techniques to attempt to direct internet users to websites that have been compromised or are intentionally hosting hostile code. Users with vulnerable computers can be secretly infected with malware simply by visiting such a website, even without attempting to download anything themselves. I have written about drive-by download attacks before: What You Should Know About Drive-By Download Attacks part 1, part 2.
This year’s RSA Conference is next week at the Moscone Center in San Francisco. If you are planning to attend, there are a few activities that I want to call to your attention.
On Tuesday, February 26 at 8:50am PST, Scott Charney, Corporate Vice President, Trustworthy Computing, will deliver a keynote titled “Making a Case for Security Optimism.” In the keynote, Scott will share his viewpoint on key security industry accomplishments that will have long-term impact and together form a basis for optimism.
This week we published a special edition to the Microsoft Security Intelligence Report titled “Linking Cybersecurity Outcomes and Policies.” The report contains a new methodology for identifying the linkages between socio-economic factors, public policies, and cybersecurity outcomes. We are making this report available to help encourage further discussion and research on the relationship between policy decisions and technical outcomes. This post is intended to help provide insight into the methodology that was used in the analysis.
Special Edition Security Intelligence Report Released – How Socio-economic Factors Affect Regional Malware Rates
Over the past several years I have had the opportunity to talk to customers and governments all over the world about the threat landscape and the data we publish in the Microsoft Security Intelligence Report (SIR). During these conversations regional malware infection rates always garner a lot of discussion. One of the most interesting questions I’m increasingly asked is what factors contribute to the differences in regional malware infection rates? Or what do regions with low malware infection rates do differently than regions with high malware infection rates? Our Special Edition Microsoft Security Intelligence Report: Linking Cybersecurity Policy and Performance released today provides a new body of research that speaks to these questions.
This morning, Adrienne Hall, General Manager for Trustworthy Computing, delivered a keynote speech at RSA Europe and announced the availability of the Microsoft Security Intelligence Report volume 13 (SIRv13). It’s hard to believe that it’s been over six years since we published the first volume of the report. The report has evolved a lot since then, but our goal has always remained the same: to provide our customers with the most comprehensive view into the threat landscape so they can make informed risk management decisions.