Security Intelligence Report (SIR) vol.10

Today, we published our latest Security Intelligence Report, which takes data from a wide variety of sources and brings them together to provide a clear picture of what is going on in the threat landscape.

For me, the SIR is always a useful tool for understanding threat trends. It helps IA professionals understand the broad scheme of risk that is threatening our customers, and there are some surprising trends: in Q3 of 2010, the malicious use of JavaScript rose by a factor of 14 compared to the previous quarter.

With the rise in use of social networking sites, criminals have started to use them as a potential source/target for phishing attacks. As a result, social networking phishing rose from 8.3% of the phishing attacks we saw in January 2010 to 84.5% of all the phishing attacks we saw in December 2010. The latest versions of IE have the SmartScreen Filter technologies that actively defend against this kind of attack.

The use of rogue security software is also on the rise, and it is one of the most common ways used to swindle money from unsuspecting consumers. In many cases this “scareware” looks very professionally produced, and makes claims about “their” ability to detect and remove threats that only “they” can see. In actual fact these claims are false, and the goal is to get a consumer to hand over their credit card details or install malware. A number of these packages were added to the Microsoft Malicious Software Removal Tool, which runs as part of the monthly security updates most consumers download from Microsoft. Still more sites were added to the reputation service that SmartScreen Filter uses, to enable consumers' browsers to protect them from these threats.

But for consumers and for businesses our advice remains unchanged: stay up to date on your Microsoft software updates (via Microsoft Update) and also ensure that your other software has its security updates applied as well. Make sure that you have a reputable antivirus program; Microsoft Security Essentials is free to consumers and small businesses and uses the same antimalware engine as our enterprise product, Forefront Endpoint Protection.

It’s also clear that using the latest software means that you will be less likely to be successfully attacked, and the 64-bit versions of our products are the most robust:


For enterprises there are more options available, such as the use of AppLocker. Over 98% of the threats that we see are not signed, and using AppLocker to only allow the execution of signed code will significantly decrease the amount of malware that will be able to execute. Enterprises can also use the Enhanced Mitigation Evaluation Toolkit (EMET), which enables you to turn on Data Execution Prevention (DEP) and Structured Exception Handling and Overwrite Protection (SEHOP) and may enable enterprise customers to “upgrade” the protection of existing applications, though EMET may require some work on the part of an enterprise. I say these are for enterprises; they are available to consumers too (EMET via download and AppLocker via the Ultimate Edition of Windows 7), but these tools are aimed more at the IT professional than the home user.
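A pre-enforcement check for the signed-code approach described above, as an added example (not from the original post or from Microsoft): it inventories Authenticode signatures under a directory, builds publisher-only AppLocker rules in memory, and lists which executables those rules would block. `$ScanRoot` and the variable names are assumptions, and nothing is applied to the machine.

```powershell
# Added example. $ScanRoot is an assumed path; point it at the
# directories your users actually run software from.
param([string]$ScanRoot = $env:ProgramFiles)

Import-Module AppLocker

# 1. Inventory the Authenticode status of every .exe under $ScanRoot.
$report = @(Get-ChildItem -Path $ScanRoot -Filter *.exe -Recurse -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer } |
    ForEach-Object {
        $sig    = Get-AuthenticodeSignature -FilePath $_.FullName
        $signer = $null
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        New-Object psobject -Property @{
            Path   = $_.FullName
            Status = $sig.Status      # Valid, NotSigned, HashMismatch, ...
            Signer = $signer
        }
    })

if ($report.Count -eq 0) {
    Write-Warning "No executables found under $ScanRoot"
    return
}

# Anything without a valid signature would not match a publisher rule.
$unsigned = @($report | Where-Object { $_.Status -ne 'Valid' })

# 2. Build publisher rules (signed code only) from the same directory.
#    -IgnoreMissingFileInformation skips files that carry no publisher data
#    instead of failing on them. The policy stays in memory.
$policy = Get-AppLockerFileInformation -Directory $ScanRoot -Recurse -FileType Exe |
    New-AppLockerPolicy -RuleType Publisher -User Everyone -Optimize -IgnoreMissingFileInformation

# 3. Ask AppLocker which of the inventoried files match no allow rule.
$paths   = $report | ForEach-Object { $_.Path }
$blocked = @(Test-AppLockerPolicy -PolicyObject $policy -Path $paths -User Everyone -Filter DeniedByDefault)

# 4. Summarise, then list what needs signing, replacing or an exception.
"{0} executables scanned, {1} without a valid signature, {2} blocked by publisher-only rules" -f `
    $report.Count, $unsigned.Count, $blocked.Count
$blocked  | Select-Object FilePath, PolicyDecision
$unsigned | Select-Object Path, Status | Sort-Object Status, Path
```

Review the blocked list before any enforcement: each entry is legitimate software that a signed-code-only policy would stop from running.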

The important thing to remember is that you can take action which makes you safer:

– Antivirus software: get some if you haven’t already, and keep it up to date.

– Update all your software regularly from your software provider. Many providers have automatic mechanisms for this; use them when they are available.

– Upgrade to the most recent version of the software that you can. Recent versions typically have better inbuilt defences, at both the application and the operating system level. 64-bit operating systems are safer still; in general, you are about 1/3 less likely to get an infection.

– Use complex passwords and don’t have the same one for everything. They protect your data, and if a single site you use is compromised, not all of your passwords will be.
