Microsoft Report Reveals Resurgence of Worms; Rogue Security Software Still Top Threat

Nov 02, 2009 (09:11 AM EST)

REDMOND, Wash., Nov. 2 /PRNewswire-FirstCall/ -- Microsoft Corp. today released the seventh volume of the Microsoft Security Intelligence Report (SIRv7), which indicates that worm infections in the enterprise rose by nearly 100 percent during the first half of 2009 over the preceding six months. Rogue security software remains a major threat to customers; however, 20 percent fewer customers were affected by rogue infections during the past six months.


In addition, the Zlob family of trojans, considered a top threat two years ago, has drastically declined due to Microsoft's work to aggressively clean customer machines and customers' diligence in applying software updates.

SIRv7 provides a deep, accurate view of the threat landscape country by country. For the first time, this report shares security best practices from countries that have consistently exhibited low malware infection. These best practices and security intelligence provide a valuable resource for business leaders who need to make accurate decisions based on the threats that are most pressing today.

"It's been said that knowledge is power -- and when it comes to security intelligence, a lack of accurate information can be detrimental to separating real threats from hype," said Vinny Gullotto, general manager of the Microsoft Malware Protection Center. "Microsoft is committed to providing not only security intelligence for our customers and the community, but also the most accurate and comprehensive view of the realities of the threat landscape."

The security intelligence contained in SIRv7 is collected through a broad community of customers around the globe who share Microsoft's goal of obtaining the most accurate view of the threat landscape. Reporting mechanisms for the Microsoft Security Intelligence Report are diverse and comprehensive, including Microsoft's Malicious Software Removal Tool (MSRT), on 450 million computers worldwide; Bing, which performed billions of Web page scans during the past six months; Windows Live OneCare and Windows Defender, operating on more than 100 million computers worldwide; Forefront Online Protection for Exchange and Forefront Client Security, scanning billions of e-mail messages yearly; and Windows Live Hotmail, operating in more than 30 countries with hundreds of millions of active e-mail users.

Ten years after Melissa appeared and defined mass-mailing worms as a class of malicious threats, worm infections have resurged to become the second most prevalent threat for enterprises in the first half of 2009. Worms rely heavily on access to unsecured file shares and removable storage volumes, both of which are plentiful in enterprise environments. According to SIRv7, the following were the top two families detected:

According to the report, rogue security software remained the single largest threat category for the first half of 2009. In addition, while there has been progress combating rogues, this threat remained a major pain point for computer users during the same period. Also known as "scareware," rogue security software takes advantage of customers' desire to keep their computer protected. Microsoft products and services removed malware from more than 13 million computers worldwide, down from 16.8 million in the second half of 2008. Computer users are advised to use an anti-malware solution from a company they trust and to keep its threat definitions up to date.

In contrast, the report highlights the significant decrease in Zlob disinfections, from 21.1 million at its peak in 2007 to 2.3 million in the first half of 2009 -- a remarkable tenfold decrease.

Infection rates and threats vary geographically, and SIRv7 contains proven best practices from countries with the lowest infections. For example, infection rates in Japan, Austria and Germany remained relatively low during this period. Following is insight into how professionals from these regions keep their customers and resources safe from cyber threats:

Central to the success in each of these regions is the growing trend of community-based defense, in which the broader industry combines its collective strengths and intelligence to help defend computer users. Customers worldwide can use SIRv7's detailed level of geographical insight to help inform their threat management and risk management operations on a local, regional and global level.

Microsoft recommends customers and organizations use the data and prescriptive guidance outlined in the Microsoft Security Intelligence Report to assess and improve their security practices. The following are some of the top proactive steps Microsoft recommends for individuals and businesses:

A full list of Microsoft's guidance, a downloadable version of SIRv7 and other related resources are available at HASH(0x12dd730) .

Founded in 1975, Microsoft is the worldwide leader in software, services and solutions that help people and businesses realize their full potential.

CONTACT: Rapid Response Team of Waggener Edstrom Worldwide,, , for Microsoft Corp.

Web site: