The Microsoft Security Intelligence Report volume 11 (SIRv11), released by Microsoft Corp., reveals that in India, infection trends increased in the first half of 2011, in contrast to the generally improved security scenario worldwide. Looking at various online threats, India beat the worldwide average for the analyzed categories of Worms, miscellaneous trojans, adware, viruses, trojan downloaders and droppers, and password stealers and monitoring tools.
Worms emerged as the single biggest problem in the country, at the end of the second quarter of 2011 affecting 38.3 percent of all infected computers, over three times the worldwide average. Over the same period, the second most common threat in India was miscellaneous Trojans (which affected 33.6 percent of all infected computers, up from 33.3 percent in the previous quarter) although the threat from the third most common category, potentially unwanted software, dropped two points to 30.7.
India a Hotbed for Botnets
In terms of the origins of global malicious websites and spam, India remains a hotbed for unwanted botnets: 11.003 percent of all spambot IP addresses were found to be located in India.
Globally, a significant finding of the SIRv11 is that less than 1 percent of exploits in the first half of 2011 were against zero-day vulnerabilities – software vulnerabilities that are successfully exploited before the vendor has published a security update or “patch.”
In contrast, 99 percent of all attacks during the same period distributed malware through familiar techniques, such as social engineering and unpatched vulnerabilities. In the report, Microsoft highlights the fact that some of the more common threats can be mitigated through good security best practices.
SIRv11 further revealed that user interaction, typically employing social-engineering techniques, is attributed to nearly half (45 percent) of all malware propagation in the first half of 2011.
In addition, more than one third of all malware is spread through cybercriminal abuse of Win32/Autorun, a feature that automatically starts programs when external media, such as a CD or USB, are inserted into a computer. 90 percent of infections that were attributed to vulnerability exploitation had a security update available from the software vendor for more than a year.
Educating People
“We encourage people to consider this information when prioritizing their security practices,” said Vinny Gullotto, general manager, Microsoft Malware Protection Center. “SIRv11 provides techniques and guidance to mitigate common infection vectors, and its data helps remind us that we can’t forget about the basics. Techniques such as exploiting old vulnerabilities, Win32/Autorun abuse, password cracking and social engineering remain lucrative approaches for criminals.”
The Microsoft SIRV11 contains prescriptive guidance to help educate people about commonly known social-engineering techniques, how to create strong passwords and how manage security updates.
“The insight about global online threats, including zero-days, from SIRv11 helps our mutual customers better prioritize defenses to more effectively manage risk,” said Brad Arkin, senior director, product security and privacy at Adobe. “It also provides a good reminder on the importance of keeping systems up to date with the latest security protections.”
Microsoft produces the Security Intelligence Report twice a year to keep the industry informed on the changing threat landscape and provide beneficial customer guidance for protecting their networks. SIRv11 provides insight into online threat data between January and June 2011and analysis of data from more than 100 geographies around the world.
