Detecting threat actors in recent German industrial attacks with Windows Defender ATP

No slowdown in Cerber ransomware activity as 2016 draws to a close

Are Viruses Making a Comeback?

In the six or seven years that we have been publishing the Microsoft Security Intelligence Report (SIR) I have seen many trends emerge over time.  The threat landscape is constantly changing as attackers try to find methods that will help them compromise the systems they target.  For several years viruses (file infectors) seemed to be out of favor with attackers as they used other categories of threats to attack systems. 

Viruses simply didn’t support the profit motive many attackers had in the same way that Trojan Downloaders and Droppers, Miscellaneous Trojans, and Password Stealers and Monitoring Tools all did.  Viruses are threats designed in an era before ubiquitous Internet connectivity made it easier for Worms to successfully self-propagate.  Worms like SQL Slammer and Blaster spread around the world in minutes.  This would likely take an old-fashioned file infector much, much longer to accomplish, limiting its ability to infect large numbers of systems quickly.  Additionally, Viruses tend to be relatively “noisy” threats as they typically try to infect large numbers of files (.exe, .dll, .scr) on the systems they compromise.  This characteristic can make them easier to detect than other more blended threats.

Subsequently, I have rarely seen the Virus threat category found on more than 5 percent of systems with detections globally.  There have been regional exceptions like Korea, Russia, and Brazil, where I have seen relative Virus levels reach between 10 and 15 percent.  But more recently I have noticed that Viruses seem to be making a comeback.  As seen in Figure 1, the relative prevalence of Viruses has been trending up.  The prevalence worldwide for the Virus threat category was 7.8 percent in the fourth quarter of 2012 (4Q12).

On The Origins of Malware: Are Malware Hosting Sites in Your State or Region?

RSA Conference 2013: Thank-you RSA Attendees!

Korea’s Malware Infection Rate Increases Six-fold in Six Months

I have written about the threat landscape in Korea a few times in the past as it has been one of the most active threat landscapes in the world for some time:

Data from the Microsoft Security Intelligence Report volume 13 indicates that Korea’s malware infection rate (Computers Cleaned per Mille or CCM) increased 6.3 times during the first half of 2012. During this period the number of systems cleaned per 1,000 systems scanned by the Microsoft Malicious Software Removal Tool (MSRT) in Korea increased from 11.1 in the fourth quarter of 2011 (4Q11) to 70.4 in the second quarter (2Q12) of 2012.  At the end of the first half of 2012 Korea had the highest malware infection rate ever published in the Microsoft Security Intelligence Report, ten times the worldwide average infection rate.

Microsoft Security Intelligence Report Volume 13 Released

This morning, Adrienne Hall, General Manager for Trustworthy Computing, delivered a keynote speech at RSA Europe and announced the availability of the Microsoft Security Intelligence Report volume 13 (SIRv13).  It’s hard to believe that it’s been over six years since we published the first volume of the report.  The report has evolved a lot since then, but our goal has always remained the same: to provide our customers with the most comprehensive view into the threat landscape so they can make informed risk management decisions.

The Threat Landscape in the Middle East – Part 3: Israel and Saudi Arabia

In the first two parts of this series on the threat landscape in the Middle East (Part 1, Part 2) I focused on the threats in Qatar, Iraq and the Palestinian Authority (West Bank and Gaza Strip). In this final part of the series I focus on Israel and Saudi Arabia.

The data in this article comes from the Microsoft Security Intelligence Report volume 12 (SIRv12) and previous volumes of the report.

The Threat Landscape in the Middle East – Part 2: The Palestinian Authority and Iraq

In the first part of this series on the threat landscape in the Middle East I focused on the threats in Qatar, the location with the largest improvement in malware infection rates in the region.  In this part of the series I focus on the Palestinian Authority and Iraq, the two locations with the highest malware infection rates in the region in the second half of 2011.

The Threat Landscape in Asia & Oceania – Part 4: Australia and New Zealand
