Microsoft releases its Security Intelligence Report, version 8
Today, Microsoft released its Security Intelligence Report, version 8. The SIR is a twice-a-year (semi-annual? biannual?) document issued by Microsoft that reports on threats across the Internet industry, including email threats, malware threats, loss-of-data threats, web threats, and so forth. Some key findings from this report:
The number of malware infections cleaned by Microsoft is up in the second half of 2009 (2H09) compared to the first half of 2009 (1H09).
Taterf and Frethog, two password stealers that were very prevalent in 1H09, were less so in 2H09. However, Taterf, Renos and FakeXPA were, in that order, the top 3 pieces of malware detected in 2H09.
The later your version of Windows (XP -> Vista -> 7), the less likely your computer was to suffer a malware infection.
Spam is well over 90% of all email (not including intranet email, which doesn’t flow through spam filters). Financial scams like phishing and advance fee fraud are well up in 2H09.
Vulnerability disclosures are slowly decreasing over time. Either companies are disclosing less, their software is getting better, or malware authors haven’t taken the time to discover the exploits.
I wrote a big chunk of the email threats section. You can check out the SIR here.