• silicon.com
• Technology
• Security

By Elinor Mills, 4 November 2008 09:04

NEWS

Vulnerabilities are decreasing but becoming easier to exploit; Trojans are the biggest threat; and Chinese computers are infected with more browser-based exploits than anywhere else.

These are the findings of the Microsoft Security Intelligence Report, released Monday.

Covering the first half of this year, the report provides statistics compiled from Microsoft's Malware Protection Center that reveal trends about threats, breaches and infection rates.

George Stathakopoulos, general manager of Microsoft's Trustworthy Computing Group, said in an interview: "Industry-wide, we've seen a decrease in the last 12 months in vulnerabilities across products, [down nearly 20 per cent from the year-ago period]."

Meanwhile, the percentage of disclosed vulnerabilities that are easiest to exploit increased, with 56 per cent requiring a low complexity exploit, according to the report.

Operating system vulnerabilities continued to decline, representing about six per cent of disclosed vulnerabilities with more than 90 per cent found in applications.

And vulnerabilities in Microsoft software continued to trend down, by about one-third from the second half of 2007. About one-third of vulnerabilities disclosed in Microsoft software had publicly available exploit code.

Microsoft released patches for 77 security vulnerabilities during the first half of 2008, with 25 having publicly available exploit code.

The total amount of malware and unwanted software removed from computers worldwide in the first half of the year increased more than 43 per cent from the second half of last year. Trojan downloaders accounted for more than 30 per cent of that.

Of the computers serviced by Microsoft's Malicious Software Removal Tool, which runs on every PC that gets Windows updates, an average of 10 out of 1,000 are found to be infected worldwide, Stathakopoulos said. In the US, the infection number is 11.2 per 1,000. The lowest infection rate is in Japan, at 1.8 infected computers per 1,000, and at the other end is Afghanistan at 76 machines per 1,000, he said.

Downloaders or droppers, software that drops back doors on to computers, remained the most prevalent threat category. More than 96 per cent of the computers cleaned in this category were attributed to two Trojan families: Win32/Zlob and Win32/Renos, the report said.

"Defences against viruses and spyware work pretty well," said John Pescatore, an analyst at Gartner. "But the numbers are growing for Trojans; things are getting right through the antivirus and spyware software. It's not stopping the targeted malicious executables."

The changing landscape of vulnerabilities, with social engineering attacks plaguing PCs means companies should change their strategy for how they protect the corporate network, said Don Retallack, an analyst at Directions on Microsoft.

"Companies and organisations may want to do some employee training rather than counting on [software] configuration management," he said.

The report also has some interesting statistics specific to different countries. For instance, China has a high level of browser-based exploits, accounting for 47 per cent of all incidents, followed by the US with 23 per cent of incidents, the report found.

China is at the top of the list because the software developers there are not as disciplined in writing code with security in mind and the huge market is an attractive target for malware writers, Stathakopoulos said.

In Brazil, password stealers dominate; viruses are big in Spain; in Italy it's unwanted software led by the peer-to-peer client Wi32/BearShare; while in Korea viruses are the biggest threat.