Today, Microsoft released its Security Intelligence Report, version 8. The SIR is a twice-a-year (semi-annual? biannual?) document issued by Microsoft that reports on threats across the Internet industry, including email threats, malware threats, loss-of-data threats, web threats, and so forth. Some key findings from this report:
- The number of malware infections cleaned by Microsoft is up in 2nd half of 2009 (2H09) compared to the first half of 2009 (1H09).
- Taterf and Frethog, two password stealers that were very prevalent in 1H09, were less so in 2H09. However, Taterf, Renos and FakeXPA were the top 3 pieces of malware detected in 2H09 respectively.
- The later your version of Windows (XP –> Vista –> 7), the less likely your computer was to suffer a malware infection.
- Spam is well over 90% of all email (not including intranet email which doesn’t flow through spam filters). Financial scams like phishing, advance fee fraud scams and phishing are well up in 2H09.
- Vulnerability disclosures are slowly decreasing over time. Either companies are disclosing less, their software is getting better, or malware authors haven’t taken the time to discover the exploits.
I wrote a big chunk of the email threats section. You can check out the SIR here.