Microsoft Security Intelligence Report (vol 10)

Microsoft has released volume 10 of their Security Intelligence Report, covering 2010.

The SIR is the results of an  investigation of the threat landscape, analyzing exploits, vulnerabilities, and malware based on data from over 600 million systems worldwide, internet services, and Microsoft  Security Centers.  In SIRv10, Microsoft presents a short video that  calls attention to the second most commonly detected fake anti-virus software:  Win32/FakePAV.   The video describes how Win32/FakePAV steals credit card  information, and then shows how to remove the trojan.

In addition to the Win32/FakePAV feature, they continue to highlight the ongoing threat of botnets in “Battling Botnets,” which was  released in 2010.

Key Findings:

  • Application versus operating system or web browser vulnerabilities continued to account for the majority of vulnerabilities in 2010.
  • The total number of application vulnerabilities declined 22.2% from 2009.
  • Vulnerability disclosures for Microsoft products increased slightly in 2010 but have generally remained stable over the past several periods.
  • Exploitation thru Java is rising since Q2 2010.  Exploitation on the Java platform far exceeds Adobe software and OS platforms.
  • Malicious IFrames account for a large number of attacks over HTTP, likely indicating the effect of hijacked and compromised websites.
  • Conficker is the most active malware family in the Enterprise environment and only 9th in the general Internet environment.
  • JS/Pornpop is the most active malware family on the non-corporate Internet environment.
  • Phishing sites targeting social networks are increasing and they are effective in getting themselves presented to victims.
  • Overall OS level vulnerability counts is steady and browser vulnerability count is increasing slower.

Download and read this interesting report.