| Welcome to October′s Security Newsletter! |
 |
This month I′d like to focus on new threat intelligence based on data from the Microsoft Security Intelligence Report (SIR) Volume 13 released earlier this month. This latest edition of the SIR includes over 800 pages of data and analysis with deep dives for 105 countries/regions around the world. It is designed to provide in–depth perspectives on software vulnerabilities and exploits, malicious code threats, and potentially unwanted software based on data from over 600 million systems, 280 million Hotmail accounts and billions of web pages scanned by Bing.
One of the most interesting trends to surface from the latest report was the surge in malware associated with software and media files. The Internet is a great place to do business and shop for great deals on software, movies, and music as well as other goods and services. Unfortunately, malware distributors are taking advantage of people′s desire to share and find the best deals by using social engineering in attempt to infect computer systems.
Preying on the desire to "get a good deal" is a form of social engineering that has been around for a long time, but it′s proving to be a popular method for malware distributors. The typical situation starts with users looking for some software or media such as movies or music for free, or for a reduced price. They surf the web looking for the file and perhaps also a crack or license key generator (Keygen) so that they don′t have to purchase it. This is where the malware distributors step in and attempt to get between these users and the software or media that they are looking for.
By disguising malware as popular software, or by bundling malware with popular software, malware distributors are hoping that enthusiastic bargain hunters will download and execute their malicious software and become infected. According to new research in the latest SIR Volume 13, in the first six months of 2012, the threat family Win32/Keygen, representing software activation key generators, was detected nearly five million times. Out of those detections, 76%, or 3.8 million were exposed to other more dangerous malware.
Keygen detections have increased by a factor of 26 since the first half of 2010 and today Keygen is the number one consumer threat family worldwide, rising above other prevalent threat families like Pornpop, Blacole, Conficker and FakePAV. The prevalence of Keygen varies from location to location, however it is listed as a top 10 threat for 103 of the 105 countries/regions studied in SIR Volume 13. That means Keygen is in the top 10 list of threats for 98% of the locations we provide analysis for in the latest edition of the Security Intelligence Report.
Figure: Relative detections of threat families in the 10 countries/regions with the most detections in 2Q12
In SIR Volume 13, we have a feature story that dives into greater detail on deceptive downloads like Keygen and provides mitigation guidance on how to help protect against this type of social engineering threat.
Of course this is just one of the many interesting trends you′ll see in the latest report. I encourage you to visit the Microsoft Security Intelligence Report website and download SIR Volume 13 today to learn about the latest threat trends and the actions you can take now to help mitigate risk within your environment. You can also read a key findings summary or watch a short video for a summary of the data contained in the report.
|
 | | Best regards,
Tim Rains, Director
Microsoft Trustworthy Computing | |
|
| |
|
Microsoft Malware Protection Center Threat Report: Rootkits
Examine how attackers use rootkits, and how rootkits function on affected computers. The report from the MMPC describes some of the more prevalent malware families that use rootkit functionality in the wild today, and presents some recommendations that can help organizations mitigate the risk from rootkits. |
|
Microsoft MSRT Thwarts Rogues with Just One Scan
Most rogue antivirus software displays an interface that is predominantly in English, with some presenting a few other European languages as well. However, this month one of the families added by the Microsoft Malicious Software Removal Tool (MSRT) was Win32/Onescan, a Korean fake antivirus scanner that is the most prevalent of the Asian–language–based rogues. Learn more in this blog post from the Microsoft Malware Protection Center (MMPC). |
|
Fault Modeling for Cloud Services
Just as threat modeling is an important step in the design process when security–related issues are being evaluated; fault modeling is an important step in the design process for building reliable cloud services. Get insight into how Microsoft uses fault modeling to design and build cloud services to help ensure that its services can respond gracefully to outages. |
|
| |
|
Microsoft′s Free Security Tools
A good tool can save a lot of work and time for those people responsible for developing and managing software. In July, the Microsoft Security Blog kicked off a blog series focused on the free security tools that Microsoft provides to help make IT professionals′ and developers′ lives easier. Bookmark this summary of the tools covered in the series, which includes a summary of each tool, a link to the download, and information on where to find step-by-step guidance to help you best use each tool to your advantage. |
|
Security Technologies in Windows Server 2012
Explore technical overviews and step–by–step guides on new and improved security and protection technologies in Windows Server 2012 including: |
|
Security Tools to Administer Windows Server 2012
Learn about the tools available for Windows Server 2012 to help you administer security technologies and address ongoing threats to your computers and network. |
|
Manage Privacy in Windows Server 2012
Explore a variety of guidelines and recommendations for managing privacy–related settings in Windows Server 2012. |
|
| |
|
MVP Article of the Month: Server Hardening in Windows Server 2012
By Rodrigo Immaginario, Microsoft MVP – Enterprise Security
The server is the penultimate protector of your company′s data so applying unique security policies for each server profile is both an important and necessary step in your server security strategy. Learn how to enhance the security of your server infrastructure using the Security Configuration Wizard in Windows Server 2012. |
|
| |
|
Implementing a Secure Cloud Infrastructure with Windows Azure Virtual Machines and Virtual Networks
Explore Windows Azure′s Infrastructure as a Service (IaaS) features in part one of this TechNet Radio series covering Windows Azure Virtual Machines, licensing and pricing, and what VHD Deploy options as well as a quick demonstration on how to get started using the Image gallery. |
|
| This Month's Security Bulletins |  |  | |
|
Microsoft Security Bulletin Summary for October 2012
Critical Important |
|
October 2012 Security Bulletin Resources:
|
|
| Security Events and Training | | | |
|
Microsoft Virtual Academy – Windows Server 2012: Identity and Access
Today′s organizations need to give workers access to data and information – across varied networks and devices – while still keeping costs down. Learn how new and enhanced capabilities in Windows Server 2012 help you meet these challenges by making it easier and less costly to ensure secure access to valuable digital assets and comply with regulations. After completing this course, you will have a detailed understanding of how Windows Server 2012 enables you to give workers access to data and information across varied networks, devices, and applications – and in an easier, more cost effective and more secure fashion. |
|
