22 April 2007 Microsoft Confidential

- What is ?
- What is the impact?
- How has malware evolved?
- Who is in the malware chain?
- How is malware created?
- How do we respond?

Innocuous | No potential for harm | Notepad

Spyware and other Potentially Unwanted Software: Programs that perform certain behaviors without appropriate user consent and control

Advertising | Displays ads | Ad-supported software; Unauthorized pop-ups
Collects data | Collects personal data | Authorized search toolbar; Covert data collector
Changes configuration | Changes settings | Settings utilities; Browser hijacker
Monitoring | Records keystrokes | Parental controls; Keystroke loggers
Dialing | Auto-dials toll numbers | ISP software; Porn dialers
Remote usage | Remotely uses resources | Cycle sharing programs; software

Viruses, Worms, Trojans: Programs that perform known bad activities

Known bad | Clearly malicious (e.g., virus) | Sasser

1986 - 1995, 1995 - 2000, 2000 - 2005, 2006+
Local Area Networks, Internet Era, Broadband prevalent, Peer to Peer
First PC virus, Macro viruses, Social engineering
Boot sector viruses, Script viruses, Hyperjacking
Create notoriety or cause havoc, Create notoriety or cause havoc, Application attacks
Financial motivation, Financial motivation
Slow propagation, Faster propagation, Internet wide impact, Targeted attacks
16-bit DOS, 32-bit Windows, 32-bit Windows, 64-bit Windows

[Figure: chart of percentage shares by language]

[Figure: Computers Cleaned (0.5M to 4.0M) by category: IM Worm, Virus, Exploit Worm, P2P Worm, E-mail Worm, Backdoor Trojan]

- 62% backdoor Trojans
- 35% social engineering (e-mail, P2P, IM)

Microsoft references

MSRT page: http://www.microsoft.com/security/malwareremove
MSRT White Paper: http://www.microsoft.com/downloads
Microsoft Security Intelligence Report 1H06 … & 2H06: http://www.microsoft.com/downloads
Windows Live Safety Center: http://safety.live.com/
Windows Live OneCare: http://www.windowsonecare.com/
Windows Defender: http://www.microsoft.com/windowsdefender

[Figure: 2005, 2006 1st Half, 2006 2nd Half]

1. Enable your Firewall
2. Update your (OS)
3. Use up to date Anti-virus (AV)
4. Use up to date Anti-spyware (AS)

Update OS, AV & AS – Frequently !!!

© 2006 Microsoft Corporation. All rights reserved.