Microsoft reckons Trojans greatest threat to Windows PCs
Microsoft has released its Security Intelligence Report, which contains a detailed assessment of the data collected by OneCare, Windows Defender and the Malicious Software Removal Tool (MSRT). Initial figures had been released in July.
These tools do not just detect and remove known malware; they also collect additional information on the infection and send it to Microsoft. According to Microsoft, from January to June 2006, MSRT, which is updated monthly, removed infections from four million PCs. In two million of these cases there was at least one backdoor or trojan on the system. In comparison to the second half of 2005, this represents an 18 percent decrease in the number of trojans. In most cases an infected system becomes a member of a botnet or scouts out users' confidential data.
Rootkits may have been the word on everyone's lips at the start of the year, but according to Microsoft's analysis, cases have halved compared to the previous year. This success is probably due to the availability of anti-rootkit tools. This may mean that the rootkit problem has been stemmed for the mass of users, but it is emerging that attackers are developing new and more subtle techniques for concealing malware on Windows systems. These methods have not yet gone beyond the laboratory stage, but it should be anticipated that they will soon be used for attacks on particularly valuable targets.
Microsoft has also identified regional differences in its report. It turns out that some malware is regionalised and only turns up in Asia, for example. There are also differences among the top ten spyware packages found by Windows Defender. In the English-speaking world, the most common spyware is SurfSideKick, which displays certain advertisements on the system and sends system files to the internet, whereas on German-language Windows PCs the adware Zango.SearchAssistant is the most common.
Microsoft has some difficulty interpreting the data on the number of infections by language version. It turns out, for example, that Chinese- and Turkish-language versions of Windows were infected relatively frequently. A possible explanation, according to Microsoft, might be that anti-virus software is less widely distributed in these countries or is rarely used. A little work still seems to be required on this one.
- Security Intelligence Report from Microsoft