Microsoft has released its 6th Security Intelligence Report which provides an in-depth perspective on the changing threat landscape including software vulnerability disclosures and exploits, malicious software & potentially unwanted software.
The global prevalence of rogue security software, which uses social engineering to obtain money or sensitive information from victims, has increased significantly over the past 18 months. Three of the top 10 threats detected worldwide in the second half of 2008 disseminate rogue security software. Win32/FakeXPA and Win32/FakeSecSen are both in the worldwide top 10 list of threats; neither was in the top 25 list of threats in the first half of 2008. Both were detected on more than 1.5 million computers in the second half of 2008.
Rogue security software families are among the top threats detected in many countries throughout the world, suggesting that the appeal to people’s fear is an effective tactic that transcends language barriers. English seems to be the primary language used by rogue security software social engineering, although some of the software families have been released in multiple languages.
Malicious software infection rates differ significantly for different versions of the Microsoft Windows operating system. Windows Vista was less infected at any service pack level than Windows XP. Comparing the latest service packs for each version, the infection rate of Windows Vista SP1 is 60.6 percent less than that of Windows XP SP3.
The following map illustrates the infection rates of locations around the world, expressed in a metric called CCM that represents the number of computers cleaned per thousand executions of the Malicious Software Removal Tool.
For the first time, the Microsoft Security Intelligence Report includes document file format exploit data regarding Microsoft Office and Adobe exploits observed in the second half of 2008. Overall, data showed that attackers incorporated document file format vulnerabilities as an infection technique in numbers not seen before, affecting both consumers and organizations.
Microsoft encourages customers to make sure they are using the latest versions of all software, including upgrading to Microsoft Office System (2007 release) or going to Microsoft Office Live or Microsoft Update to get the latest updates.