Jennifer LeClaire, newsfactor.com Mon Nov 2, 1:01 PM ET
According to the Microsoft Security Intelligence Report (SIRv7), rogue security software remained the single largest threat category for the first half of 2009. Despite progress combating rogues, this is still a major issue for computer users. Also known as "scareware," rogue security software takes advantage of customers' desire to protect their computer from threats.
But there is good news for enterprises and consumers. The report highlights a significant decrease in Zlob Trojan infections, from 21.1 million at its peak in 2007 to 2.3 million in the first half of 2009. Microsoft is offering some security best practices to help PC users ward off threats.
"It's been said that knowledge is power -- and when it comes to security intelligence, a lack of accurate information can be detrimental to separating real threats from hype," said Vinny Gullotto, general manager of the Microsoft Malware Protection Center. "Microsoft is committed to providing not only security intelligence for our customers and the community, but also the most accurate and comprehensive view of the realities of the threat landscape."
Conficker Revisited
Ten years after the Melissa worm appeared and defined mass-mailing worms as a class of malicious threats, Microsoft reports Conficker is the top worm threat detected for the enterprise. Conficker is not in the top 10 for consumers because home computers are more likely to have automatic updating enabled. Microsoft said these findings stress the need for enterprises to have a robust security-update management program in place.
With detections up 156 percent since the second half of 2008, the Taterf worm is an emerging threat. Taterf targets massively multiplayer online role-playing games. These attacks rely less on social engineering to spread, and more on access to unsecured file shares and removable storage volumes. Microsoft said Taterf's growth underscores the need for organizations to develop guidelines for removable drives and evaluate how connections are made to outside machines.
Microsoft outlined four key security best practices: Understand the Microsoft security-update process and terminology, make sure all third-party applications are being updated regularly by the vendor, make sure a customer's development team is using a software security assurance process, and, finally, put policies in place to help secure all file shares and regulate the use of removable media.
Blind Threats
It's interesting to attempt to size up the most dangerous threat for an enterprise because that varies based on your definition of risk, according to Ken Dunham, director of global response for iSIGHT Partners.
"As you take a look at corporate networks, it may be that rootkits are stealth, or perhaps more blended threats that can spread through thumb drives are more troublesome than the traditional bots that might be easily seen and shut down across the wire," Dunham said. "You tell me the one that's more dangerous -- the one that everybody sees or the Trojan you don't see."
There is one common thread across all threat reports: the diversity of attacks clearly shows crimeware as the primary motive, Dunham said. Rather than disruption, notoriety and other traditional motives, he said, organized crime is driving the large majority of attacks, as well as the innovation aimed at countering security efforts and security within the enterprise.