[Microsoft] October Update Tuesday: Security Intelligence Report volume 11 announced

[ronjor]

Quote:

MSRCTeam

Hello,

On this October Update Tuesday, we are releasing the 11th volume of the Security Intelligence Report, SIRv11, which puts zero-day vulnerabilities into context against other global threats. We are also releasing eight security updates so please read on for details.

A new method of analyzing malware distribution indicates that in the first half of 2011 zero-day issues account for a very small percentage of actual infections. The results from our analysis concluded that none of the top malware families in the first half of 2011 were known to be distributed through the use of 0-days, and while some smaller families did take advantage of 0-day vulnerabilities, less than 1 percent of all exploit attempts were against zero-day issues.

The key takeaway from SIRv11 is how malware is actually being distributed – social engineering, Autorun feature abuse, file-infection, exploits (with updates available) and brute force password attacks. Many of these attacks can be avoided with fundamental security practices, such as downloading security updates once available or ensuring that you have Automatic Updates enabled on your system. Automatic Updates help to ensure that computers are protected against new and ongoing security threats and that Windows continues to function smoothly

https://blogs.technet.com/themes/blo...ced&GroupKeys=

[MrBrian]

There is also a Regional Threat Assessment pdf available at http://www.microsoft.com/security/si...e/default.aspx that isn't included in the main Security Intelligence Report.

[PJC]

Here, too.

[MrBrian]

Percentage of USA websites hosting drive-by downloads: (data from Security Intelligence Report Volume 11 Regional Threat Assessment)
2010 3Q - 0.032%
2010 4Q - 0.007%
2011 1Q - 0.764%
2011 2Q - 0.817%

Notice the large relative increase from 2010 to 2011.

[RJK3]

Thanks all for the stats!

MrBrian - do those statistics refer to pages with a script pointing to a third party site with the actual exploit kit, or do they purely mean sites actually hosting the exploit kit themselves?

I'd be interested in stats for how many legitimate sites get hacked with the former scenario in mind.

[Hungry Man]

There was a recent article (recent as in two months or so) with stats about hacked sites distributing malware. Can't find it though =\

[MrBrian]

Quote:

Originally Posted by RJK3

Thanks all for the stats!

MrBrian - do those statistics refer to pages with a script pointing to a third party site with the actual exploit kit, or do they purely mean sites actually hosting the exploit kit themselves?

You're welcome .

I'm not sure either on that matter.