An accurate understanding of on-going malware prevalence Jason Garms Architect & Group PM Anti-Malware Technology Team Microsoft Corporation

An accurate understanding of on-going malware prevalence
Jason Garms, Architect & Group PM, Anti-Malware Technology Team, Microsoft Corporation
AVAR 2005, Tianjin, China

Agenda
- Importance of data analysis and malware
- Data sources and analysis from Microsoft
- Key observations

Virus "particles" for people
One infected person -> millions of infection particles

Virus "particles" for computers
Rbot-infected computer -> infection of other machines via vulnerability exploit and file sharing

Usefulness of Data
- "First Hour": predicting how prevalent a piece of malware will be
- "Second Month": continued prevalence
- "Five Year": historical

Windows Malicious Software Removal Tool
- Ability to detect and remove prevalent malicious software
- Updated and released monthly
- Low execution impact
- Localized into 24 languages
- Protects the Internet
- Supports Windows XP, Windows 2000, and Windows Server 2003, 32/64 bit

Key Observations
- Botnets are a BIG deal
- Social engineering worms and mass mailing worms continue to be very effective
- Zotob: how bad was it?
- Rootkit data prevalence is surprising
- Blaster persists
- Antinny: who would have thought?

Botnets are a Big Deal
- Gaobot, Rbot, Sdbot
- 58% of malware removed are bots
- Top 3 bot families are 85% of all bots removed
- Order of most prevalent: Rbot, Sdbot, Gaobot
- 10% of Rbot infections are re-infections
- 3% of Gaobot infections are re-infections

Social Engineering and Mass Mailing Worms
Among families removed by MSRT:
- Netsky was #4 overall
- Bagle is #10 overall
- 2,000 copies of Netsky will be removed during AVAR
- Netsky.P is 1/3 of all Netsky infections
- WUKill is #5 for October

Zotob: How bad?
- Zotob is #41 overall
- It was only #35 for October
- Esbot was more prevalent, but received no attention
- Esbot was #12 in October

Rootkit Prevalence
Hacker Defender, FURootkit, IsPro. In order of prevalence:
- FURootkit: 5th overall, 3rd in October
- IsPro: 7th overall, 15th in October
- Hacker Defender: 17th overall, 24th in October

Blaster Sure is Persistent!
- Blaster is #6 overall, and #16 in October
- Almost 1,000 infections will be removed during AVAR
- MsBlast.A is the most common variant in the family
- But... Nachi.A is even more common

Antinny: Who would have thought?
- Antinny was #2 in October
- So far, it's #4 in November

Other Interesting Facts
- Machines running Windows XP SP2 are times less likely to be infected with malware from the Wild List
- Infected machines average 1.3 infections
- Some have 30 or more active infections
- Bottom 8 families have less than 100 disinfections each

Top Disinfection Totals by Family

Rank  Since January   October only
   1  Rbot
   2  Sdbot           Antinny
   3  Gaobot          FURootkit
   4  Netsky          Sdbot
   5  FURootkit       Wukill
   6  Msblast         Gaobot
   7  Ispro           Netsky
   8  Korgo           Bagle
   9  Berbew          Sientok
  10  Bagle           Lovegate
  11  Antinny         Mytob
  12  Mytob           Esbot
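The figures on the "Botnets are a Big Deal", "Other Interesting Facts" and ranking slides are all aggregations over per-machine disinfection reports: family rank overall versus in one month, the share of removals that are bots, the re-infection rate of a family, and the number of active infections per cleaned machine. The Python below is an added example showing how such figures are derived; it is not Microsoft's or MSRT's code, and the records, machine ids and family names it uses are constructed for illustration, not real telemetry.

```python
from collections import Counter, defaultdict
from datetime import date

# Constructed sample of MSRT-style disinfection records: (report date, machine id, family).
# These are made-up values for illustration, not Microsoft data.
RECORDS = [
    (date(2005, 1, 12), "m1", "Rbot"),
    (date(2005, 1, 12), "m1", "Sdbot"),
    (date(2005, 2, 9), "m1", "Rbot"),       # same machine, same family again: a re-infection
    (date(2005, 3, 8), "m2", "Gaobot"),
    (date(2005, 3, 8), "m3", "Netsky"),
    (date(2005, 4, 12), "m4", "Rbot"),
    (date(2005, 9, 13), "m5", "Sdbot"),
    (date(2005, 10, 11), "m6", "Antinny"),
    (date(2005, 10, 11), "m7", "Antinny"),
    (date(2005, 10, 11), "m8", "Rbot"),
    (date(2005, 10, 11), "m2", "Gaobot"),   # m2 cleaned of Gaobot a second time
    (date(2005, 10, 11), "m9", "FURootkit"),
]

# Bot families named on the slide (the assignment of families to "bot" is the slide's).
BOT_FAMILIES = {"Rbot", "Sdbot", "Gaobot"}


def rank_families(records, month=None):
    """Families ordered by disinfection count, overall or for one (year, month).

    Ties are broken alphabetically so the ranking is deterministic."""
    counts = Counter(
        fam for d, _, fam in records
        if month is None or (d.year, d.month) == month
    )
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


def rank_of(records, family, month=None):
    """1-based rank of a family (the slide's '#12 in October'), or None if absent."""
    names = [fam for fam, _ in rank_families(records, month)]
    return names.index(family) + 1 if family in names else None


def bot_share(records):
    """Fraction of all disinfections that belong to a bot family."""
    bots = sum(1 for _, _, fam in records if fam in BOT_FAMILIES)
    return bots / len(records)


def reinfection_rate(records, family):
    """Share of a family's disinfections that are repeat cleanings of a machine
    already cleaned of that family earlier (the slide's re-infection measure)."""
    seen = set()
    total = repeats = 0
    for _, machine, fam in sorted(records):   # chronological order matters
        if fam != family:
            continue
        total += 1
        if machine in seen:
            repeats += 1
        seen.add(machine)
    return repeats / total if total else 0.0


def per_machine_stats(records):
    """(average, maximum) number of distinct families found per infected machine."""
    families = defaultdict(set)
    for _, machine, fam in records:
        families[machine].add(fam)
    counts = [len(s) for s in families.values()]
    return sum(counts) / len(counts), max(counts)


if __name__ == "__main__":
    print("Overall ranking:", rank_families(RECORDS))
    print("October ranking:", rank_families(RECORDS, (2005, 10)))
    print("Antinny overall / October:",
          rank_of(RECORDS, "Antinny"), rank_of(RECORDS, "Antinny", (2005, 10)))
    print("Bot share: %.0f%%" % (100 * bot_share(RECORDS)))
    print("Rbot re-infection rate: %.0f%%" % (100 * reinfection_rate(RECORDS, "Rbot")))
    print("Infections per machine (avg, max):", per_machine_stats(RECORDS))
```

Note that the re-infection measure depends on processing reports in date order and on a stable machine identifier across monthly runs; without the latter a repeat cleaning is indistinguishable from a new victim, which would understate the rate the slide reports.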

Ranking by Family since January

Disinfections by Type

August Disinfection Breakdown January Families

August Disinfection Breakdown February Families

Highest Re-infection Since January

Links
- Anti-Malware Engineering Team blog
- Windows Malicious Software Removal Tool
- Windows Live Safety Center

© 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.