Microsoft Security Intelligence Report

IRCRE201205100

Date: 2012-05-30
 
Volume 12 of the Microsoft Security Intelligence Report (SIRv12) provides in-depth perspectives on software vulnerabilities, software vulnerability exploits, malicious and potentially unwanted software, and security breaches. Microsoft developed these perspectives based on detailed trend analysis over the past several years, with a focus on the third and fourth quarters of 2011.
Vulnerabilities
Vulnerability Severity

The following figure shows industry-wide vulnerability disclosures by severity, 1H09–2H11.

Medium-severity vulnerabilities again accounted for the largest number of disclosures at 936, a 3.5 percent decrease from 1H11. High-severity vulnerabilities decreased 31.0 percent from 1H11. Low-severity vulnerabilities, which had increased slightly over the past several periods, decreased 13.7 percent from 1H11. High-severity vulnerabilities that scored 9.9 or greater represent 9.6 percent of all vulnerabilities disclosed in 2H11.
Vulnerability Complexity
Some vulnerabilities are easier to exploit than others, and vulnerability complexity is an important factor to consider in determining the magnitude of the threat that a vulnerability poses. A High-severity vulnerability that can only be exploited under very specific and rare circumstances might require less immediate attention than a lower-severity vulnerability that can be exploited more easily.

The following figure shows complexity trends for vulnerabilities disclosed since 1H09. Note that Low complexity indicates greater risk, just as High severity indicates greater risk in the previous figure.

Low-complexity vulnerabilities, the easiest ones to exploit, accounted for 55.3 percent of all disclosures in 2H11. Medium-complexity vulnerabilities accounted for 40.4 percent of disclosures in 2H11. Disclosures of Medium-complexity vulnerabilities have decreased significantly over the past year, from 1,121 in 2H10 to 721 in 2H11. High-complexity vulnerability disclosures declined slightly to 76 in 2H11, a decrease from 118 in 1H11. Disclosures of High-complexity vulnerabilities account for 4.3 percent of all vulnerabilities disclosed in 2H11.
Operating System, Browser, and Application Vulnerabilities

The following figure shows industry-wide vulnerabilities for operating systems, browsers, and applications since 1H09.

Disclosures of application vulnerabilities increased 17.8 percent in 2H11. In all, applications accounted for 71.2 percent of all vulnerability disclosures in 2H11.
Operating system vulnerability disclosures decreased 34.7 percent in 2H11, and ranked below browser vulnerability disclosures for the first time since at least 2003.
Disclosures of vulnerabilities in web browsers increased 8.6 percent in 2H11, continuing a trend of small increases over each of the last several periods.
Vulnerability Disclosures

The following figure charts vulnerability disclosures for Microsoft and non-Microsoft products since 1H09.

Vulnerabilities in Microsoft products accounted for 6.4 percent of all vulnerabilities disclosed in 2H11, a decrease from 6.8 percent in 1H11.
Vulnerability disclosures for Microsoft products have generally remained stable over the past three years, though Microsoft’s percentage of all disclosures industry-wide has increased slightly.
Exploits

The following figure shows the prevalence of different types of exploits for each quarter in 2011.

Java exploits, formerly the most commonly observed type of exploits, were relegated to second place in 3Q11 and 4Q11 because of the rise in HTML/JavaScript exploits; despite this, the number of computers reporting Java exploit detections remained at a high level during 3Q11 and 4Q11, and actually increased overall from the first half of the year.
Detections of exploits that target vulnerabilities in document readers and editors increased in 4Q11, making them the third most commonly detected type of exploit during the quarter, due primarily to a rise in exploits that target older versions of Adobe Reader.
 
 
Malware and Potentially Unwanted Software
The information in this section was compiled from telemetry data that was generated from more than 600 million computers worldwide and some of the busiest services on the Internet.
Global Infection Rates
The following table shows the locations with the most computers reporting detections and removals by Microsoft desktop antimalware products in 2H11.
 
 
Detections in Germany increased 30.4 percent from 3Q11 to 4Q11, primarily because of significantly increased detections of Win32/EyeStye. Germany also saw increased detections of the exploit family JS/Blacole and the generic detection Win32/Keygen. Detections in Russia increased 28.5 percent from 3Q11 to 4Q11. Detections in Italy increased 14.6 percent from 3Q11 to 4Q11, with increases in EyeStye, Keygen, and Win32/Zbot.
 
Operating System Infection Rates

The following figure shows the infection rate for each Windows operating system/service pack in 4Q11.

This data is normalized: the infection rate for each version of Windows is calculated by comparing an equal number of computers per version (for example, 1,000 Windows XP SP3 computers to 1,000 Windows 7 RTM computers).
As in previous periods, infection rates for more recently released operating systems and service packs tend to be lower than earlier ones, for both client and server platforms. Windows 7 SP1 and Windows Server 2008 R2, the most recently released Windows client and server versions, respectively, have the lowest infection rates on the chart.
Infection rates for the 64-bit editions of Windows Vista and Windows 7 have increased since the first half of 2011. For the first time, infection rates for the 64-bit editions of Windows Vista SP1 and SP2 were higher than for the corresponding 32-bit versions of those platforms in 2H11.
Threat Categories
The Microsoft Malware Protection Center (MMPC) classifies individual threats into types based on a number of factors, including how the threat spreads and what it is designed to do. To simplify the presentation of this information and make it easier to understand, these types are grouped into 10 categories based on similarities in function and purpose.

The following figure shows detections by threat category each quarter in 1Q11-4Q11, by percentage of all computers reporting detections.

 
Totals for each time period may exceed 100 percent because some computers report more than one category of threat in each time period.
Adware, the most commonly detected category during the first three quarters, fell to 3rd in 4Q11, continuing a year-long trend of decline. Decreased detections of several highly prevalent adware families, notably Win32/OpenCandy, Win32/ClickPotato, and Win32/ShopperReports, were chiefly responsible for the decline.
Rogue Security Software
Rogue security software is software that appears to be beneficial from a security perspective but provides limited or no security, generates erroneous or misleading alerts, or attempts to lure users into participating in fraudulent transactions.
The following figure shows detection trends for the most common rogue security software families detected in 2H11.
Email Threats
Spam Messages Blocked

The information in this section of the Microsoft Security Intelligence Report is compiled from telemetry data provided by Microsoft Forefront® Online Protection for Exchange (FOPE), which provides spam, phishing, and malware filtering services for thousands of Microsoft enterprise customers that process tens of billions of messages each month.

The following figure shows messages blocked by FOPE each month June 2011 to December 2011.
 
FOPE blocked 14.0 billion messages in December 2011, less than half of the amount blocked in January. Between 76 and 92 percent of incoming messages were blocked at the network edge each month. The overall decline in spam blocked between January and December has disproportionately affected spam blocked at the network edge.
 
Spam Types
 

The FOPE content filters recognize several different common types of spam messages. The following figure shows the relative prevalence of the spam types that were detected in 2H11.

Advertisements for non-pharmaceutical products accounted for an additional 13.2 percent of messages blocked, a decrease from 17.2 percent in 1H11.
In an effort to evade content filters, spammers sometimes send messages that consist only of one or more images, with no text in the body of the message. Image-only spam messages decreased to 1.5 percent of the total in 2H11 overall, from 3.1 percent in 1H11 and 8.7 percent in 2010.
 
Related Link:

Microsoft Security Intelligence Report from 1st Quarter of 2011

