Interesting Insights from the Latest MSIR
October 18, 2011 | POSTED BY BRETT EDGAR IN MALWARE, SECURITY, MONITORING, MICROSOFT, SECURITY AWARENESS & TRAINING
The latest Microsoft Security Intelligence Report (Volume 11) has been released and contains some interesting information that Microsoft has collected from the execution of its Malicious Software Removal Tool (MSRT) and Internet Explorer SmartScreen® data. Several of the results confirm what those of us in the network security monitoring community already know: Java is the most often exploited application (page xvii), Adobe Acrobat exploits account for most malicious documents (page xviii), and adware is the most common type of malware identified (page xx). Microsoft also stated that over a third of malware detected could spread via the AutoRun feature on removable media or on network shares. Updates exist that help make the AutoRun feature in XP and Vista more like the one in Windows 7, which is to say more secure. Deploy those updates.
Some of the more interesting information reported:
- What is not getting exploited as often as I would have suspected: Adobe Flash and Microsoft Office. Even though two Flash vulnerabilities identified in the first half of 2011 led to an increase in exploits against Flash, Flash is getting exploited 7 times less often than Java!
- For the last four quarters (Q3 2010 through Q2 2011), the detection of trojan and backdoor malware has experienced a consistent slight downward trend. An explanation could be the coordinated takedown of several large botnets in the past year. Microsoft has been involved in those takedowns, so a shout of thanks goes to them!
- Another unexpected result: phishing attacks against social networks accounted for slightly less than half of all phishing attempts, while attacks against financial institutions accounted for slightly more than one-third of phishing attempts. In April, Microsoft's data indicated that 84% of all phishing attempts were against social networks.
So, what does this mean for security professionals in the corporate world? Well, it's nothing new really: protect the clients just as you would the servers. Patching the OS is no longer enough. You must patch applications regularly too, most importantly Java, Acrobat, and Flash. Disable AutoRun, if possible, but at a minimum deploy the updates from Microsoft for XP and Vista that make them more secure. And, finally, warn your users about phishing attacks and discourage them from using the same password for personal social networking and financial websites as they use for their corporate login(s).
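
To check how far AutoRun is actually disabled on a client, the following read-only PowerShell audit decodes the AutoRun policy bitmask. It is an added example, not part of the original post or of Microsoft's report; the `NoDriveTypeAutoRun` registry value and its path are not named in the post, and the function name `Get-AutoRunPolicy` is hypothetical.

```powershell
# Read-only audit of the AutoRun policy on a Windows host (changes nothing).
# NoDriveTypeAutoRun is a bitmask: a set bit disables AutoRun for that drive type.
# 0xFF disables AutoRun on every drive type.
$DriveTypes = @(
    @{ Bit = 0x01; Name = 'Unknown type' },
    @{ Bit = 0x04; Name = 'Removable' },
    @{ Bit = 0x08; Name = 'Fixed' },
    @{ Bit = 0x10; Name = 'Network' },
    @{ Bit = 0x20; Name = 'CD-ROM' },
    @{ Bit = 0x40; Name = 'RAM disk' },
    @{ Bit = 0x80; Name = 'Unknown type (reserved)' }
)

function Get-AutoRunPolicy {
    param([string[]]$Hives = @('HKLM:', 'HKCU:'))

    foreach ($hive in $Hives) {
        $path = "$hive\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
        $prop = Get-ItemProperty -Path $path -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue

        if ($null -eq $prop) {
            # No policy value in this hive: the operating system default applies.
            [pscustomobject]@{ Hive = $hive; Value = 'not set'; StillEnabled = 'OS default applies' }
            continue
        }

        # The value is normally a DWORD; older systems may store it as binary data.
        $raw = $prop.NoDriveTypeAutoRun
        $value = if ($raw -is [byte[]]) { [int]$raw[0] } else { [int]$raw }

        # Drive types whose bit is clear still have AutoRun enabled.
        $enabled = $DriveTypes |
            Where-Object { -not ($value -band $_.Bit) } |
            ForEach-Object { $_.Name }

        [pscustomobject]@{
            Hive         = $hive
            Value        = '0x{0:X2}' -f $value
            StillEnabled = if ($enabled) { $enabled -join ', ' } else { 'none' }
        }
    }
}

Get-AutoRunPolicy | Format-Table -AutoSize
```

A host that reports `Removable` or `Network` under `StillEnabled` is still exposed to the removable-media and network-share spreading vector the report describes.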