This morning, we released Volume 14 of the Microsoft Security Intelligence Report (SIRv14). This new report studies our findings on trends in the threat landscape based on data from more than 1 billion systems worldwide, focusing on data collected in the second half of 2012.
One interesting trend we saw surfacing in the enterprise was an increase in web-based threats. The enterprise has traditionally put a lot of effort into dealing with network worms, commonly mitigated with configuration and policy changes, and passwords, along with device and network share control. While still a threat to organizations, our latest threat intelligence report, SIRv14, shows these traditional network worms are being superseded by web-based threats.
Compared with the results for domain-joined (enterprise) computers in the prior year, web-based threats like Iframeref increased by 32 percent. BlacoleRef increased by 25 percent. In the same period, as a percentage of all threats reported by domain-joined computers, Conficker and Autorun decreased by 37 percent and Rimecud by 69 percent when compared with the average prevalence in 2011 with the second half of 2012. In the second half of 2012, 7 out of the top 10 threats affecting enterprises were associated with malicious or compromised websites.
SIRv14 also includes a feature analysis titled “Running Unprotected: Measuring the Benefits of Real-time Protection Software.” This story illustrates what the data shows about computers with and without real-time updated antivirus protection. We sliced and studied infection rates by operating system and country to try and calculate the risk users take when running unprotected. You will be able to read more about what we discovered in the SIR, and in the blog: Everyone benefits from antimalware software, released later today.
We also discovered that for the first time, with the exception of the Korean rogue Onescan, rogues actually reduced in detections during this period. This reduction was a significant step – malware authors seem to have begun changing their existing approach with rogues. This change was possibly due to public awareness about rogues, thanks to initiatives like the Real vs. Rogue test, for example. However, last Wednesday our blog post The Further Exploits of the Rogue Distributors, warned that rogues are finding newer forms and newer distribution tactics – so the game is far from over.
You can read all about these findings and more in our new SIRv14. Do have a read, and stick with us as we deep-dive into some of these topics on this blog.