Microsoft Security Intelligence Report

PDF, 16 pages, 1020 KB

Microsoft Security Intelligence Report, Volume 11

An in-depth perspective on software vulnerabilities and exploits, malicious code threats, and potentially unwanted software in the first half of 2011

This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT. This document is provided "as-is." Information and views expressed in this document, including URL and other Internet Web site references, may change without notice. You bear the risk of using it.

Copyright © 2011 Microsoft Corporation. All rights reserved. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Authors

  Joe Faulhaber, Microsoft Malware Protection Center
  John Lambert, Microsoft Security Engineering Center
  Dave Probert, Microsoft Security Engineering Center
  Hemanth Srinivasan, Microsoft Malware Protection Center
  David Felstead, Bing
  Marc Lauricella, Microsoft Trustworthy Computing
  Tim Rains, Microsoft Trustworthy Computing
  Holly Stewart, Microsoft Malware Protection Center
  Paul Henry, Wadeware LLC
  Aaron Margosis, Microsoft Public Sector Services
  Mark E. Russinovich, Microsoft Technical Fellow
  Matt Thomlinson, Microsoft Security Response Center
  Jeff Jones, Microsoft Trustworthy Computing
  Weijuan Shi, Windows Business Group
  Michelle Meyer, Microsoft Trustworthy Computing
  Jeff Williams, Microsoft Malware Protection Center
  Ellen Cram Kowalczyk, Microsoft Trustworthy Computing
  Adam Shostack, Microsoft Trustworthy Computing
  Anurag Pandit, Windows Live Safety Platform
  Scott Wu, Microsoft Malware Protection Center
  Jimmy Kuo, Microsoft Malware Protection Center
  Frank Simorjay, Microsoft Trustworthy Computing
  Anthony Penta, Windows Live Safety Platform
  Terry Zink, Microsoft Forefront Online Protection for Exchange

Contributors

  Roger Capriotti, Windows Live Safety Platform
  Vinny Gullotto, Microsoft Trustworthy Computing
  Ken Malcolmson, Microsoft Trustworthy Computing
  Richard Saunders, Microsoft Trustworthy Computing
  Doug Cavit, Microsoft Trustworthy Computing
  Satomi Hayakawa, CSS Japan Security Response Team
  Takumi Onodera, Microsoft Premier Field Engineering, Japan
  Jasmine Sesso, Microsoft Malware Protection Center
  CSS Japan Security Response Team, Microsoft Japan
  Forbes Higman, Windows Live Safety Platform
  Daryl Pecelj, Microsoft IT Information Security and Risk Management
  Norie Tamura, CSS Japan Security Response Team
  Dave Forstrom, Microsoft Trustworthy Computing
  Yuhui Huang, Microsoft Malware Protection Center
  Kathy Phillips, Microsoft Legal and Corporate Affairs
  Matt Thomlinson, Microsoft Trustworthy Computing
  Eric Foster, Windows Live Safety Platform
  Aaron Hulett, Microsoft Malware Protection Center
  Tareq Saade, Microsoft Malware Protection Center
  Patrik Vicol, Microsoft Malware Protection Center
  Enrique Gonzalez, Microsoft Malware Protection Center
  Hilda Larina Ragragio, Microsoft Malware Protection Center
  Steve Wacker, Wadeware LLC
  Heather Goudey, Microsoft Malware Protection Center
  Eric Lawrence, Windows Live Safety Platform

Table of Contents

  About This Report  p. ix
  Trustworthy Computing: Security Engineering at Microsoft  p. x
  Key Findings Summary  p. xi

  Zeroing In on Malware Propagation Methods  p. 1
    Background  p. 3
    Analysis and Results  p. 5
      A New Method for Classifying Malware Propagation  p. 5
      Data Used  p. 6
      Analytic Methods  p. 7
      Results  p. 10
    Insights  p. 12
      User Interaction  p. 13
      Feature Abuse  p. 13
      Exploit Age  p. 14
      Zero-Day Exploits: A Supplemental Analysis  p. 14
    Analysis Details  p. 17
      The Project Broad Street Taxonomy  p. 17
        Using the Taxonomy  p. 17
        Vulnerability Subprocess  p. 20
      Methodology Details  p. 21
        Other classifications of malware  p. 22
    Conclusion  p. 24
      Call to Action  p. 24
    Advice to IT Professionals on Social Engineering  p. 25
      Organizations  p. 25
      Software  p. 27
      People  p. 27

  Worldwide Threat Assessment  p. 29
    Vulnerabilities  p. 31
      Industry-Wide Vulnerability Disclosures  p. 31
      Vulnerability Severity  p. 32
      Vulnerability Complexity  p. 34
      Operating System, Browser, and Application Vulnerabilities  p. 35
      Microsoft Vulnerability Disclosures  p. 36
      Guidance: Developing Secure Software  p. 37
    Exploits  p. 38
      Java Exploits  p. 40
      HTML and JavaScript Exploits  p. 41
      Document Parser Exploits  p. 42
        Microsoft Office File Format Exploits  p. 43
      Operating System Exploits  p. 45
      Adobe Flash Player Exploits  p. 47
    Malware and Potentially Unwanted Software  p. 49
      CCM Calculation Changes  p. 49
      Global Infection Rates  p. 51
        Regional Effective Practices  p. 56
      Operating System Infection Rates  p. 57
      Threat Categories  p. 60
        Threat Categories By Location  p. 61
      Threat Families