Trying to give something back to the Community...
Company finds use of malicious software increasingly motivated by financial gain.
LONDON — 22 April 2008 — Microsoft Corp today released the fourth volume of its Microsoft Security Intelligence Report (SIR) at Infosecurity Europe 2008. The report focuses on the second half of 2007 and uses data derived from a range of tools running on approximately 450 million computers worldwide to provide an in-depth, global view of software vulnerabilities, software exploits, malicious software and potentially unwanted software.
The latest SIR shows the fewest number of security vulnerability disclosures across the software industry since the second half of 2005, along with a rise in malicious and potentially unwanted software, which demonstrates a continued use of malware as a tool for targeting computer users for profit.
More specifically, the second half of 2007 showed a decline in new security vulnerability disclosures by 15 per cent and a decrease in total vulnerability disclosures by 5 per cent for all of 2007. Vulnerabilities are weaknesses in software that allow an attacker to compromise the integrity, availability or confidentiality of that software. The data also reveals a 300 per cent increase in the number of trojan downloaders and droppers — malicious code used to install files on users’ systems — illustrating that the malware category continues to grow in popularity among attackers.
The report also shows a 66.7 per cent increase in the number of potentially unwanted software detections — programs that may impact user privacy or security by performing actions the person may not want — between 1 July and 31 Dec, with a total of 129.5 million pieces of potentially unwanted software found on users’ systems.
“The SIR provides us with a chance to share with our customers and industry partners what we’re seeing in the threat landscape so we can all help ensure users are better protected and work toward a more trusted internet,” said Vinny Gullotto, general manager of the Microsoft Malware Protection Center. “This latest volume supports our position that today’s threats continue to be motivated by monetary gain, and it also gives us a solid view of vulnerability and exploit trends.”
The purpose of the SIR is to keep customers informed of the major trends in the threat landscape and provide valuable insights and security guidance designed to help customers make better, more informed decisions with regard to products, technologies and resources. The latest report builds on previously gathered data, but also includes new sections focused on issues of security breach notifications, spam and phishing, internet safety enforcement, and the storm worm — a highly visible, continually updating and adapting trojan dropper.
Based on these and other key findings from the report, Microsoft recommends all interested parties use the data, insights and guidance contained in the report to better assess and improve their own security practices. Active steps Microsoft recommends include the following:
· Check for and apply software updates on an ongoing basis, including updates provided for third-party applications.
· Enable a firewall.
· Install and maintain up-to-date anti-virus and anti-spyware programs that provide increased protection from malicious and potentially unwanted software.
A copy of Microsoft’s newest Security Intelligence Report and other related information can be found at http://www.microsoft.com/sir.
Founded in 1975, Microsoft (Nasdaq "MSFT") is the worldwide leader in software, services and solutions that help people and businesses realise their full potential.
About Microsoft EMEA (Europe, Middle East and Africa)
Microsoft has operated in EMEA since 1982. In the region Microsoft employs more than 16,000 people in over 64 subsidiaries, delivering products and services in more than 139 countries and territories.
This material is for informational purposes only. Microsoft Corp disclaims all warranties and conditions with regard to use of the material for other purposes. Microsoft Corp shall not, at any time, be liable for any special, direct, indirect or consequential damages, whether in an action of contract, negligence or other action arising out of or in connection with the use or performance of the material. Nothing herein should be construed as constituting any kind of warranty.
Company finds use of malicious software increasingly motivated by financial gain. LONDON — 22 April 2008