In association with heise online

26 April 2012, 16:34

Conficker still a major threat according to Microsoft report


Microsoft has released its 12th Security Intelligence Report, covering the period July to December 2011. Heading the report is the finding that the Conficker family of worms continues to be a "serious threat", especially for enterprises. Having passed its peak of infecting an estimated seven million computers worldwide, Conficker was still detected on 1.7 million computers – Windows XP systems being the most vulnerable – in the last quarter of 2011. The number of quarterly detections has risen from just over half a million at the beginning of 2009 – an increase of 225 per cent. On its News Center, Microsoft reports that research into the reasons why Conficker is still discovered so frequently in organisations suggests that "92 per cent of Conficker infections were a result of weak or stolen passwords, and 8 per cent of infections exploited vulnerabilities for which a security update exists."

Figure: Unique computers reporting exploits each quarter in 2011, by targeted platform or technology
Source: Microsoft

In the section on "Worldwide threat assessment" the report notes that the general vulnerability of software – gauged by a combination of vulnerabilities disclosed, their severity and complexity – has been on the decline for the last couple of years; vulnerability disclosures across the industry fell ten per cent during 2011. The number of exploits of such vulnerabilities detected by Microsoft remained more or less flat through 2011, with the main exception being exploits targeting HTML or JavaScript – these approximately tripled during the year. Document format exploits also showed an increase, predominantly targeting Adobe Acrobat and Reader – these more than doubled during 2011.

As far as malware detections are concerned, the UK showed a drop of 6% from the same quarter in the previous year. Germany, on the other hand, showed the largest increase worldwide, with a jump of 30.4%; this is mainly attributed to a family of trojans known as Win32/EyeStye, which attempt to steal sensitive data. Once the detection of this trojan family was added to Microsoft's MSRT security software in October 2011, "within the first 10 days thereafter, more than half of the EyeStye infections detected and removed by the MSRT were in Germany." Russia followed Germany with a 28.5% increase in detections, primarily due to three different malware types.

Figure: Detection trends for a number of notable malware families in 2011
Source: Microsoft

The report notes that the types of threats affecting users vary considerably around the world. For the UK, miscellaneous trojans followed by adware top the list; their figures are very close to those for the whole world. On a positive note, the report states that spam email messages have dropped considerably; Microsoft's Forefront Online Protection for Exchange (FOPE) blocked less than half as many spam messages in December 2011 as it had in January. The decrease is attributed to the various moves Microsoft has made in collaboration with law enforcement agencies and others against some of the main botnets responsible for delivering spam.

This 12th Security Intelligence Report for Q3/4 2011 is available to download as a PDF. Its analysis is based on data from Microsoft's Malicious Software Removal Tool, along with an analysis of emails from the Hotmail email service, and testing of web pages accessed by Microsoft's search engine Bing.
