In an analysis of the top security threats during the first half of 2009, Microsoft's findings show the importance of having sound guidelines governing thumb drives and connecting to corporate networks from machines outside the enterprise. According to Microsoft, both Conficker and another notorious worm took advantage of poor policies around USB devices to spread.
In its biannual
snapshot of the security landscape
, Microsoft has uncovered a resurgence a
worms that underscores the importance of having sound security guidelines
devices accessing corporate
While Volume 7 of
Microsoft's Security Intelligence Report found that Trojans were the top
malware threat for U.S. enterprises during the first
six months of 2009,
Microsoft also noted a jump in the
prevalence of worms. The identity of the most common worm-Conficker-should
come as no surprise
. The second most prevalent worm, however, was Taterf,
which targets passwords for online games.
According to Microsoft,
detections of Taterf rose 156 percent during the first half of 2009 over where
they stood during the previous six months. Like Conficker, the worm enjoyed a
high degree of success by spreading through unsecure file shares and removable
"During this period, [Taterf]
had an almost identical threat footprint to Conficker in terms of number of
infection machines, yet we hardly ever hear about it," said Jeff Williams,
principal group program manager for the Microsoft Malware Protection Center. "I
think enterprises dismiss it as not applicable to them" due to their policies
against online games, he said.
explained that Taterf's spread underscores the fact that many enterprises do
not have sound
removable media. Enterprises need to take the time to
develop guidelines for thumb drives as well as how they allow network
connections from machines not managed by their IT resources, he said.
"Most enterprises do not
have a policy around scanning removable media before it is introduced to the
network, and many also don't have a policy about antivirus software running on
home computers where information might be carried back and forth from a home
machine to a work machine or where that home machine might be used to connect
to the corporate network," Williams said.
Despite the resurgence of
worms, Trojans remained the top malware threat for enterprises in the United States, as well as the United Kingdom,
Italy. In China,
many of the most prevalent malware
families are Chinese-language threats that don't appear in the list of top
threats for any other location, such as the browser modifier Win32/BaiduSobar,
the report notes.
The report also uncovered
a difference in infection rates between Windows
Vista and XP
. Infection rates for
were found to be significantly
lower than Windows XP in all configurations during the first half of 2009. For
Windows Vista SP1, the infection rate was 61.9 percent less than Windows XP
SP3, according to the report.
"It's been said that knowledge is power-and when it comes to security
intelligence, a lack of accurate information can be detrimental to separating
real threats from hype," said Vinny Gullotto, general manager of the
Microsoft Malware Protection Center, in a statement. "Microsoft is
committed to providing not only security intelligence for our customers and the
community, but also the most accurate and comprehensive view of the realities
of the threat landscape."