Microsoft Security Intelligence Report

Volume 17 | January through June, 2014

This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT. This document is provided “as-is.” Information and views expressed in this document, including URL and other Internet Web site references, may change without notice. You bear the risk of using it.

Copyright © 2014 Microsoft Corporation. All rights reserved. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Authors

  • Dennis Batchelder, Microsoft Malware Protection Center
  • Joe Blackbird, Microsoft Malware Protection Center
  • Paul Henry, Wadeware LLC
  • Sriram Iyer, Application and Services Group
  • Jeff Jones, Microsoft Trustworthy Computing
  • Aneesh Kulkarni, Windows Services Safety Platform
  • Marc Lauricella, Microsoft Trustworthy Computing
  • Geoff McDonald, Microsoft Malware Protection Center
  • Nam Ng, Microsoft Trustworthy Computing
  • Niall O'Sullivan, Microsoft Digital Crimes Unit
  • Daryl Pecelj, Microsoft IT Information Security and Risk Management
  • Anthony Penta, Windows Services Safety Platform
  • Simon Pope, Microsoft Trustworthy Computing
  • Ina Ragragio, Microsoft Malware Protection Center
  • Tim Rains, Microsoft Trustworthy Computing
  • Holly Stewart, Microsoft Malware Protection Center
  • Jerome Stewart, Microsoft Digital Crimes Unit
  • Todd Thompson, Microsoft IT Information Security and Risk Management
  • Terry Zink, Exchange Online Protection

Contributors

  • Tanmay Ganacharya, Microsoft Malware Protection Center
  • Roger Grimes, Microsoft IT
  • Chris Hale, Microsoft Trustworthy Computing
  • Satomi Hayakawa, CSS Japan Security Response Team
  • Ben Hope, Microsoft Malware Protection Center
  • Yurika Kakiuchi, CSS Japan Security Response Team
  • Sean Krulewitch, Application and Services Group
  • Jenn LeMond, Microsoft IT
  • Geoff McDonald, Microsoft Malware Protection Center
  • Scott Molenkamp, Microsoft Malware Protection Center
  • Dolcita Montemayor, Microsoft Malware Protection Center
  • Daric Morton, Microsoft Services
  • Takumi Onodera, Microsoft Premier Field Engineering, Japan
  • Laura A. Robinson, Microsoft IT
  • Norie Tamura, CSS Japan Security Response Team
  • Steve Wacker, Wadeware LLC
  • Iaan Wiltshire, Microsoft Malware Protection Center

Table of contents

About this report

Featured intelligence

  • Securing account credentials
    • Account compromise primer
    • Responding to recovered credentials
    • Conclusion
  • The challenge of expired security software
    • How much protection does expired security software provide?
    • What is the cause of this problem?
    • Guidance: Staying up-to-date with security software
  • The Microsoft DCU and the legal side of fighting malware
    • How DCU disrupts malware networks
    • Call to action

Worldwide threat assessment

  • Vulnerabilities
    • Industry-wide vulnerability disclosures
    • Vulnerability severity
    • Vulnerability complexity
    • Operating system, browser, and application vulnerabilities
    • Microsoft vulnerability disclosures
    • Guidance: Developing secure software
  • Exploits
    • Exploit families
    • Exploit kits and other HTML/JavaScript exploits
    • Java exploits
    • Operating system exploits
    • Document exploits
    • Adobe Flash Player exploits
  • Malware
    • The Sefnit saga: a timeline
    • Malware prevalence worldwide
    • Threat categories
    • Threat families
    • Ransomware
    • Home and enterprise threats
    • Security software use
    • Guidance: Defending against malware
  • Email threats
    • Spam messages blocked
    • Guidance: Defending against threats in email
  • Malicious websites
    • Phishing sites
    • Malware hosting sites
    • Application reputation
    • Guidance: Protecting users from unsafe websites

Mitigating risk

  • Malware at Microsoft: Dealing with threats in the Microsoft environment
    • Antimalware usage
    • Malware detections
    • Malware infections
    • What IT departments can do to minimize these trends
  • Mitigating risk with Microsoft Office
    • Security mitigations in Microsoft Office
