Security Intelligence Report: "Scareware" on the Raise

Apr-8 2009

You know that we release our Security Intelligence Report twice a year. Today, Version 6 is due.

Let me try to give you an overview of the “highlights” of the report from my point of view:

As I wrote in the title, and as I blogged about this summer (“Scareware” on the Raise), one of the biggest growing threats we see is what I call “Scareware” or what we call in the report “Rogue Security Software”. I guess you know the feeling of visiting a website which then tells you that you are infected by malware and that you should download a piece of software to protect you (or to clean your PC). Here you see a screenshot of what this can look like:

Rogue Security Software Screenshot

So, we have seen this growing over the last three periods and therefore we decided to feature a focus section on this growing threat.

A standard topic in the report is about vulnerability disclosures. Here you find the chart you are used to if you read our Security Intelligence Report, my blog or heard me talking recently:

Figure 1 with Title

So, looking at the chart there is good and bad news:

  • The good news is that vulnerability disclosures (industry-wide) are decreasing.
  • However, there are still more than 2500 vulnerabilities per 6 months (to be clear again: this is the whole industry, not us).
  • And roughly 52% of all the vulnerabilities were high-severity ones!

Looking at Microsoft’s vulnerabilities, this is the picture:

Figure 3 with Title

One thing I always mention, when I talk about this: If you are planning your Patch Management processes and you look at the figures above, make sure you cover your whole IT and not “just” Microsoft. In H2 2008 we had roughly 100 vulnerabilities out of 2500! So, think about patching the others as well (see 98% unpatched – and I am one of them :()

There are a few other charts in the report, like the percentage of vulnerabilities responsibly disclosed or attacks on applications, which I do not want to put in here (there has to be a reason you read the report :)). But one thing I want to take up here, as it was so important in H2, is the PDF attacks, as this underlines the statement I made above about Patch Management. Look at the exploits by month targeting Adobe Acrobat Reader:

Figure 10 with Title

To be crystal clear with the graph above: This is not finger-pointing at Adobe. We were working closely together to address this and for both vulnerabilities there are updates available today. What I wanted to show you is that you have to extend your risk management to applications outside Microsoft.

Another standing set of graphs are world heatmaps. There are three of them in this Security Intelligence Report:

The “classic” malware infection rate based on the Malicious Software Removal Tool:

Infection Rate - World

Even though we changed the way we determine where a computer is based (and therefore last report’s map cannot be compared with this one), EMEA does not look that bad. We have some challenges in the Middle East, Russia and – surprisingly to me – in Spain, but the rest looks not great but OK.

But there is more. This time we look at the source of the malware based on infected websites and where they are hosted:

Malware World

Here we have quite some green spots – which is good. It is interesting to see that Russia and Spain are red again here…

And last but not least the heatmap on where phishing sites are hosted:

Phishing World

If you take a different angle and look at it from a Windows perspective with regards to malware infection, it once more shows the progress we made with the different OSs:

Figure 14 with Title

This reinforces the message I am delivering as often as possible: If I could give you one single piece of advice from security person to security person (I am not measured on quota), this would be “stay on the latest version of your software – everywhere”. This includes Patch Management as well as Lifecycle Management. Just think about every piece of software you have (including embedded systems), think about when it was designed and then think about the threat landscape back then… Do you really have to think twice then?

If you want to hear Vinny Gullotto (General Manager, Microsoft Malware Protection Center) talk about the Security Intelligence Report, you can look at an interview he did with Tim Rains: Vinny and Tim show - SIR Volume 6.

So, this and much more you can find in our Security Intelligence Report. Download it and have fun!

Roger

 
Posted by Roger Halbheer
Tags: Critical Infrastructure Protection, Cybercrime, Microsoft, Patch Management, Security, Trustworthy Computing, Trends
