Download Microsoft_Security_Intelligence_Report_volume_9_Jan-June2010_English PDF

File Size: 6.8 MB
Total Pages: 136
Table of Contents
	About This Report
		Reporting Period
	Microsoft Malware Protection Center
	Microsoft Trustworthy Computing Group
Battling Botnets for Control of Computers
	What Is a Botnet?
		Botnets Today
		How Botnets Are Used
		How Botnets Work
		Botnet Commerce
	The Scope of the Problem: Botnet Data and Metrics
		Most Active Botnet Families in 2Q10
	Where’s Conficker?
		Operating System Statistics
		Geographic Statistics
		Spam from Botnets
	Fighting Back Against Botnets
		Detecting Botnets
	Win32/Waledac and the Law: Fighting Botnets in Court
		Microsoft Digital Crimes Unit (DCU)
		A New Approach
		Why Waledac, Why Now?
		Technical Action Plan
		The Legal Action Plan
	Works Cited
Malware Key Findings
	Trustworthy Computing: Security Engineering at Microsoft
	Industry-Wide Vulnerability Disclosures
		Vulnerability Disclosures
		Vulnerability Severity
		Vulnerability Complexity
		Operating System, Browser, and Application Vulnerabilities
		Guidance: Developing Secure Software
	Vulnerability Reports for Microsoft Products
		Coordinated Vulnerability Disclosure
		Microsoft Security Bulletins in 1H10
	Usage Trends for Windows Update and Microsoft Update
		Update Clients and Services
		Guidance: Keeping Your Software Up To Date
	Security Breach Trends
		Guidance: Preventing and Mitigating Security Breaches
	Malware and Potentially Unwanted Software Trends
	Infection Rate Calculation Updated
		Geographic Statistics
		Infection Trends Around the World
		Category Trends
		Operating System Trends
		Malware and Potentially Unwanted Software Families
		Rogue Security Software
		Threats at Home and in the Enterprise
		Guidance: Defending Against Malicious and Potentially Unwanted Software
	Email Threats
		Spam Trends and Statistics
		Guidance: Defending Against Threats in Email
	Malicious and Compromised Websites
		Analysis of Phishing Sites
		Analysis of Malware Hosts
		Analysis of Drive-By Download Sites
		Automated SQL Injection Attacks
		Guidance: Protecting Users from Unsafe Websites
Managing Risk
	Making Microsoft More Secure
		Information Security Policies
		Promoting Awareness
		Defending Against Malware
	Malware Response Case Study
		Isolate the Computer
		Identify the Malware
		Determine How the Malware Starts
		How Was the Malware Installed?
		Determine Malware Connectivity
		Remediate the Malware
	Appendix A: Threat Naming Conventions
	Appendix B: Data Sources
		Microsoft Products and Services
	Appendix C: Worldwide Bot Infection Rates
		Threat Families Referenced in This Report
Geographic Statistics
Document Text Contents
Page 1

Volume 9
January through June 2010

Microsoft | Security Intelligence Report

An in-depth perspective on software vulnerabilities and exploits, malicious code threats, and potentially unwanted software, focusing on the first half of 2010

Page 2


Microsoft Security Intelligence Report

Copyright © 2010 Microsoft. All rights reserved. No part of the contents of this
book may be reproduced or transmitted in any form or by any means without the
written permission of the publisher.

Library of Congress Control Number:
ISBN 978-0-615-40091-4

Printed and bound in the United States of America.

Microsoft and the trademarks listed at
us/IntellectualProperty/Trademarks/EN-US.aspx are trademarks of the Microsoft
group of companies. All other marks are property of their respective owners.

The example companies, organizations, products, domain names, email addresses,
logos, people, places, and events depicted herein are fictitious. No association
with any real company, organization, product, domain name, email address, logo,
person, place, or event is intended or should be inferred.

The information contained in this publication represents the current view of
Microsoft Corporation on the issues discussed as of the date of publication.
Because Microsoft must respond to changing market conditions, it should not be
interpreted to be a commitment on the part of Microsoft, and Microsoft cannot
guarantee the accuracy of any information presented after the date of publication.

The information contained in this publication is provided without any express,
statutory, or implied warranties. Neither the Microsoft Corporation, nor its
resellers, or distributors will be held liable for any damages caused or alleged to
be caused either directly or indirectly by this publication.

Page 68


Usage Trends for Windows Update and Microsoft Update

The prompt, widespread adoption of security updates and other software
upgrades can significantly mitigate the spread and impact of malware. Over
the past decade, many software vendors have developed mechanisms to
inform users about the availability of new updates and enable them to obtain
and install updates easily and automatically. Security-conscious IT departments have
responded by developing practices to quickly test and assess newly issued updates and to
deliver them to their users.

Update Clients and Services
Microsoft provides two publicly available update services. Windows Update provides
updates for Windows® components and device drivers provided by Microsoft and other
hardware vendors as well as updates for Microsoft anti-malware products. Microsoft
Update provides all of the updates offered through Windows Update and provides
updates for other Microsoft software, such as the Microsoft Office system, Microsoft SQL
Server®, and Microsoft Exchange Server. (See “Usage Trends for Windows Update and
Microsoft Update” in the Reference Guide section of the Security Intelligence Report
website for more information about these services.)

Figure 33 shows the relative usage of these two services since 2H06.

FIGURE 33 Usage of Windows Update and Microsoft Update, 2H06–2H09 (2H06 total usage = 100%)

◆◆ Microsoft Update adoption has risen significantly over the past several years. The
number of computers using the more comprehensive service has increased by more
than 10.7 percent since 2H09.

◆◆ Overall usage of Windows Update and Microsoft Update has increased by more than
75 percent since 2H06.

Enterprise customers can use Windows Server Update Services (WSUS) or the Microsoft
System Center family of management products to provide update services for their
managed computers. Figure 34 shows the growth of WSUS usage and Windows Update/
Microsoft Update relative to 2H06.

FIGURE 34 Relative growth in Microsoft WSUS and end-user update services, 2H06–1H10 (2H06 = 100%)

◆◆ WSUS usage from 1H08 to 2H09 is estimated due to a reporting error that was
resolved in 1H10.

◆◆ Public update service usage and the number of WSUS servers managing updates have
both grown faster than the Windows installed base since 2H06, which indicates that
users are choosing to enable updating on existing Windows installations as well as on
new installations.

Guidance: Keeping Your Software Up To Date
Installing the latest security updates from Microsoft and other software vendors as they
are released is one of the most important steps organizations and individuals can take to
defend against threats that spread through exploits. Using the Microsoft Update service
will help ensure that security updates are delivered in a timely manner for all Microsoft

For in-depth guidance, see “Using Update Services” in the Managing Risk section of the
Security Intelligence Report website.

Page 135


Win32/Virut: A family of file-infecting viruses that target and infect .exe and .scr files
accessed on infected systems. Win32/Virut also opens a backdoor by connecting to an
IRC server.

Win32/Waledac: A trojan that is used to send spam. It also has the ability to download
and execute arbitrary files, harvest email addresses from the local machine, perform
denial-of-service attacks, proxy network traffic, and sniff passwords.

Win32/Winwebsec: A rogue security software family distributed under the names
Winweb Security, System Security, and others.

Win32/Zbot: A family of password-stealing trojans that also contains backdoor
functionality allowing unauthorized access and control of an affected machine.

Win32/Zwangi: A program that runs as a service in the background and modifies web
browser settings to visit a particular website.

Page 136

One Microsoft Way
Redmond, WA 98052-6399
microsoft.com/security
