Microsoft Security Intelligence Report Shows Malware Increases, Windows Vulnerabilities Decrease

BARCELONA, Spain — Nov. 3, 2008 — Microsoft Corp. today released the fifth volume of its Microsoft Security Intelligence Report at Tech•Ed EMEA IT Professionals 2008, providing an in-depth and unique view of the threat landscape based on data derived from hundreds of millions of computers worldwide. Designed to help enable better protection from cybercriminals, the research from the first half of 2008 shows that while Microsoft and others in the industry have made significant progress toward helping protect customers from malicious threats online, threats to businesses and consumers still continue to evolve.

More specifically, the report shows that the total amount of malware and potentially unwanted software removed from computers worldwide grew over 43 percent during the first half of 2008. The Microsoft Security Intelligence Report also reveals a continued rise in both trojan downloaders and high-severity vulnerabilities, proving that financial gain remains attackers’ top motivation. In addition, Microsoft’s research illustrates how attacks are continuing to move into the application layer and away from the operating system, as more than 90 percent of vulnerabilities disclosed in the first half of 2008 affected applications, while only 10 percent affected operating systems.

The Microsoft Security Intelligence Report also demonstrates the progress Microsoft has made to better secure its software via its secure software development and security response processes. For example, Microsoft vulnerabilities in the first half of 2008 were down 33.6 percent from the second half of 2007.

“The Microsoft Security Intelligence Report gives us a chance to share our extensive analysis of the threat landscape and related guidance with our customers, partners and the broader industry, helping ensure people are better informed and in turn protected,” said Vinny Gullotto, general manager of the Microsoft Malware Protection Center. “We are also committed to applying the data and intelligence from the report to our research and response efforts to provide customers with increased protection and services.”

Based on the key findings from the report, Microsoft recommends customers use the data, insights and guidance in the report to better assess and improve their own security practices. Some of the active steps Microsoft recommends include the following:

  • Check for and apply software updates on an ongoing basis, including updates provided for third-party applications.

  • Enable a firewall.

  • Install and maintain up-to-date anti-virus and anti-spyware programs that provide increased protection from malicious and potentially unwanted software.

  • Open links and attachments in e-mail and instant messages with caution, even if they are from a known, trusted source.

Following customer feedback on previous reports, Microsoft took a different approach with this volume, creating a more reader-friendly core document accompanied by appendices that provide expanded explanations and analysis. A copy of Microsoft’s newest Security Intelligence Report and other related information can be found at http://www.microsoft.com/sir.

Founded in 1975, Microsoft (Nasdaq “MSFT”) is the worldwide leader in software, services and solutions that help people and businesses realize their full potential.

Note to editors: If you are interested in viewing additional information on Microsoft, please visit the Microsoft Web page at http://www.microsoft.com/presspass on Microsoft’s corporate information pages. Web links, telephone numbers and titles were correct at time of publication, but may since have changed. For additional assistance, journalists and analysts may contact Microsoft’s Rapid Response Team or other appropriate contacts listed at http://www.microsoft.com/presspass/contactpr.mspx.