Software Security Report Hones In on Botnets

Microsoft has released Volume 9 of its "Security Intelligence Report," which includes a section specifically honing in on the botnet problem.

The report, which can be downloaded here, catalogs software security threats worldwide from January to June 2010. It draws on data gathered from three Microsoft security efforts, namely the Microsoft Security Engineering Center, Microsoft Malware Protection Center, and Microsoft Security Response Center. It also uses data from the United States government's National Vulnerability Database.

The botnet section of the report is extensive. It includes a historical description of how botnets arose based on the IRC protocol used for chatting activity, as well as a description of today's current criminal botnet underground. Microsoft's report defines a botnet broadly as "a network of computers that can be illicitly and secretly controlled at will by an attacker and commanded to take a variety of actions." Microsoft helped take down the Waledac botnet through legal actions earlier this year. In addition, the company claims to have "cleaned botnet infections from more than 6.5 million computers worldwide," according to a Microsoft blog post.

Oddly, the Microsoft campus itself appears to have been the scene of a botnet crime. Two Microsoft-owned IP addresses were used to deliver spam messages for pharmaceutical products and to initiate a denial-of-service attack on a security-related Web site, according to media reports and a Microsoft blog. The problem stemmed from two misconfigured devices in the Microsoft corporate network that were exploited by "Russian criminals."

Software Vulnerabilities Decreasing
Software vulnerabilities, which can be leveraged by attackers to compromise programs once they are known, have been on the decline since the second half of 2006, according to the SIR Volume 9 report. The report ascribed this progress to "better development practices and quality control throughout the Industry."

Vulnerabilities rated "high" and "medium" according to the Common Vulnerability Scoring System have been declining in frequency over that same four-year period. However, vulnerabilities rated "low" have shown an upward trend in recent years. The report found a 41.6 percent increase in "low" severity vulnerability disclosures from the second half of 2009 to the first half of this year.

Application vulnerabilities represent the greatest source for security flaws in software, but that trend has been declining over the years. The report cited an 11.2 percent decrease in such application flaws since the second half of 2006.

Operating systems and Web browsers represent a lower percentage of software vulnerabilities, and that trend has stayed relatively flat over the last four years. However, the report noted that browser vulnerabilities now exceed those of operating systems for the first time in four years.

The report described vulnerabilities in Microsoft and non-Microsoft software products over the four-year period. It found that Microsoft's software accounted for "6.5 percent of all vulnerabilities disclosed in 1H10." That figure represents an increase from 5.3 percent in the second half of 2009. Vulnerabilities in non-Microsoft software have followed a general declining trend since the second half of 2006.

Vulnerability reporting by security experts is tracked in the report. Most vulnerabilities (79.1 percent) were reported privately to Microsoft rather than being fully disclosed to the public. Microsoft now refers to the private reporting of software security flaws as "coordinated vulnerability disclosure." The traditional name was "responsible disclosure." However, Microsoft made the nomenclature switch after a spat with a security researcher employed by Google who publicly disclosed a Windows XP flaw out of frustration with alleged delays by Microsoft.

Malware and Other Maladies
The report describes malware removed worldwide, based on statistics gathered from a number of Microsoft antimalware tools. Those solutions included "MSRT [Malicious Software Removal Tool], Microsoft Security Essentials, Windows Defender, Microsoft Forefront Client Security, Windows Live OneCare, and the Windows Live OneCare safety scanner," according to the report.

The United States holds first place in malware removal stats, with 9.6 million computers cleaned in the second quarter of 2010, according to the report. The runner-up was Brazil, with 2.3 million computers cleaned in that same period.

The malware cleaned from devices fell into 10 categories, with Trojans, worms and unwanted software topping the list. The stats in the report were affected by increased detections of "worm families Win32/Taterf and Win32/Autorun," along with the "Win32/Zwangi" family of unwanted software.

Windows 7, which was released in October of 2009, was attacked less frequently than Windows Vista and Windows XP, according to the report, based on the number of computers cleaned. The biggest target appears to be 32-bit Windows XP Service Pack 2, which Microsoft no longer supports with security updates.

Windows Server 2008 versions were cleaned somewhat less frequently of malware than Windows Server 2003 versions. However, Microsoft's report noted "higher infection rates for 64-bit versions of Windows Server 2003 SP2 and Windows Server 2008 SP2." Microsoft has sometimes said in its blogs that 64-bit systems are better protected against malware than 32-bit systems. The report ascribed the greater number of attacks on 64-bit Windows Server products to the "increasing popularity of 64-bit Web and database servers for Web applications."

Spam continues to clog Internet e-mail traffic, but more than 90 percent of it was blocked at the network's edge in 2010, according to the report. More than half of inbound e-mail traffic is spam messages about pharmaceuticals.

SQL injection attacks in the first half of this year were mostly associated with Web sites in Turkey, followed by "commercial entities" and "nonprofit organizations." SQL injection attacks are carried out by entering code into Web-form fields. The code is designed to either steal data from the underlying database or corrupt that data.
