Microsoft releases its Security Intelligence Report, version 8

Today, Microsoft released its Security Intelligence Report, version 8.  The SIR is a twice-a-year (semi-annual? biannual?) document issued by Microsoft that reports on threats across the Internet industry, including email threats, malware threats, loss-of-data threats, web threats, and so forth.  Some key findings from this report:

  • The number of malware infections cleaned by Microsoft is up in 2nd half of 2009 (2H09) compared to the first half of 2009 (1H09).

  • Taterf and Frethog, two password stealers that were very prevalent in 1H09, were less so in 2H09.  However, Taterf, Renos and FakeXPA were the top 3 pieces of malware detected in 2H09 respectively.

  • The later your version of Windows (XP –> Vista –> 7), the less likely your computer was to suffer a malware infection.

  • Spam is well over 90% of all email (not including intranet email which doesn’t flow through spam filters).  Financial scams like phishing, advance fee fraud scams and phishing are well up in 2H09.

  • Vulnerability disclosures are slowly decreasing over time.  Either companies are disclosing less, their software is getting better, or malware authors haven’t taken the time to discover the exploits.

I wrote a big chunk of the email threats section.  You can check out the SIR here.

Get Microsoft Silverlight