Microsoft Security Intelligence Report Volume 12 July through December, 2011 www.microsoft.com/sir Microsoft Security Intelligence Report This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT. This document is provided “as-is.” Information and views expressed in this document, including URL and other Internet website references, may change without notice. You bear the risk of using it. Copyright © 2012 Microsoft Corporation. All rights reserved. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. JULY–DECEMBER 2011 i Authors Dennis Batchelder David Felstead Ken Malcolmson Tim Rains Microsoft Protection Bing Microsoft Trustworthy Microsoft Trustworthy Technologies Computing Computing Paul Henry Shah Bawany Wadeware LLC Nam Ng Frank Simorjay Microsoft Windows Safety Microsoft Trustworthy Microsoft Trustworthy Platform Nitin Kumar Goel Computing Computing Microsoft Security Joe Blackbird Response Center Mark Oram Holly Stewart Microsoft Malware Microsoft Trustworthy Microsoft Malware Protection Center Jeff Jones Computing Protection Center Microsoft Trustworthy Eve Blakemore Computing Daryl Pecelj Matt Thomlinson Microsoft Trustworthy Microsoft IT Information Microsoft Trustworthy Computing Jimmy Kuo Security and Risk Computing Microsoft Malware Management Joe Faulhaber Protection Center Scott Wu Microsoft Malware Dave Probert Microsoft Malware Protection Center Marc Lauricella Microsoft Security Protection Center Microsoft Trustworthy Engineering Center Sarmad Fayyaz Computing Terry Zink Bing Microsoft Forefront Online Protection for Exchange Contributors Doug Cavit Satomi Hayakawa Takumi Onodera Jasmine Sesso Microsoft Trustworthy CSS Japan Security Microsoft Premier Field Microsoft Malware Computing Response Team Engineering, Japan Protection Center Chris Compton Jenn LeMond Anthony Penta Adam Shostack Microsoft Trustworthy Microsoft IT Information Microsoft Windows Safety Microsoft Trustworthy Computing Security and Risk Platform Computing Management Mike Convertino Kathy Phillips Maarten Van Microsoft Trustworthy Le Li Microsoft Legal and Horenbeeck Computing Microsoft Windows Safety Corporate Affairs Microsoft Trustworthy Platform Computing Enrique Gonzalez Hilda Larina Ragragio Microsoft Malware Jenner Mandel Microsoft Malware Henk van Roest Protection Center Microsoft Trustworthy Protection Center CSS Security EMEA Computing Heather Goudey Laura A. Robinson Patrik Vicol Microsoft Malware Hideya Matsuda Microsoft IT Information Microsoft Malware Protection Center CSS Japan Security Security and Risk Protection Center Response Team Management Roger Grimes Steve Wacker Microsoft IT Information Patrick Nolan Richard Saunders Wadeware LLC Security and Risk Microsoft Malware Microsoft Trustworthy Management Protection Center Computing Dan Wolff Microsoft Malware Protection Center ii MICROSOFT SECURITY INTELLIGENCE REPORT, VOLUME 12 Table of Contents About this report ................................................................................................................................. vi Trustworthy Computing: Security engineering at Microsoft ............................................. vii How Conficker continues to propagate 1 Background............................................................................................................................................. 3 Propagation mechanisms ............................................................................................................. 5 Results .................................................................................................................................................. 6 Tips to help clean up an environment in which Conficker is present ......................... 9 Determined Adversaries and Targeted Attacks 11 Introduction .......................................................................................................................................... 13 Determined Adversaries ................................................................................................................... 15 Same old tricks, new era ............................................................................................................. 16 The role of the Internet ............................................................................................................... 17 Targeted Attacks ................................................................................................................................. 18 Challenges in defending against Targeted Attacks ............................................................... 23 The risk management challenge ............................................................................................. 23 Prevention ........................................................................................................................................ 24 Detection .......................................................................................................................................... 25 Containment ................................................................................................................................... 26 Recovery ........................................................................................................................................... 26 Communication and Information Sharing ................................................................................ 28 JULY–DECEMBER 2011 iii The Role of Governments .......................................................................................................... 28 Conclusion ............................................................................................................................................ 30 Worldwide threat assessment 33 Vulnerabilities ...................................................................................................................................... 35 Industry-wide vulnerability disclosures ................................................................................ 35 Vulnerability severity ................................................................................................................... 36 Vulnerability complexity ............................................................................................................. 38 Operating system, browser, and application vulnerabilities ......................................... 39 Microsoft vulnerability disclosures ......................................................................................... 40 Guidance: Developing secure software ................................................................................ 41 Exploits ................................................................................................................................................... 42 Java Exploits .................................................................................................................................... 44 HTML and JavaScript exploits .................................................................................................. 45 Document parser exploits .......................................................................................................... 46 Operating system exploits ......................................................................................................... 48 Adobe Flash Player exploits ...................................................................................................... 50 Exploit effectiveness with the Enhanced Mitigation Experience Toolkit.................. 52 Malware and potentially unwanted software .......................................................................... 55 Global infection rates .................................................................................................................. 55 Operating system infection rates ............................................................................................ 62 Threat categories .......................................................................................................................... 65 Threat categories by location .............................................................................................. 67 Threat families ................................................................................................................................ 68 Rogue security software ............................................................................................................. 71 Home and enterprise threats ................................................................................................... 76 Guidance: Defending against malware ................................................................................. 80 iv MICROSOFT SECURITY INTELLIGENCE REPORT, VOLUME 12 Email threats ......................................................................................................................................... 81 Spam messages blocked ............................................................................................................. 81 Spam types ...................................................................................................................................... 84 Guidance: Defending against threats in email ..................................................................
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages138 Page
-
File Size-