Microsoft Security Report, Second Half of 2010
IRCRE201105068
Volume 10 of the Microsoft Security Intelligence Report (SIRv10) provides in-depth perspectives on software vulnerabilities, software vulnerability exploits, malicious and potentially unwanted software, and security breaches in both Microsoft and third party software. Microsoft developed these perspectives based on detailed trend analysis over the past several years, with a focus on 2010.
Vulnerabilities
Vulnerability Severity
The following figure shows industry-wide vulnerability disclosures by severity since 2006.

Although the number of Medium and High severity vulnerabilities disclosed is routinely much greater than the number of Low severity vulnerability disclosures, the trend in 2010 is a positive one, with Medium and High disclosures declining by 17.5 percent and 20.2 percent from 2009, respectively. Low severity vulnerability disclosures increased 45.8 percent, from 190 in 2009 to 277 in 2010.
Vulnerability Complexity
Some vulnerabilities are easier to exploit than others, and vulnerability complexity is an important factor to consider in determining the magnitude of the threat that a vulnerability poses. A High severity vulnerability that can only be exploited under very specific and rare circumstances might require less immediate attention than a lower severity vulnerability that can be exploited more easily.
The following figure shows the complexity mix for vulnerabilities disclosed each year since 2006. Note that Low complexity indicates greater danger, just as High severity indicates greater danger in the previous figure.

As with vulnerability severity, the trend here is a positive one, with Low and Medium complexity vulnerability disclosures declining 28.3 percent and 5.0 percent from 2009, respectively. High complexity vulnerability disclosures increased 43.3 percent, from 120 in 2009 to 172 in 2010.
Operating System, Browser, and Application Vulnerabilities
The following figure shows industry-wide vulnerabilities for operating systems, browsers, and applications since 2006.
Application vulnerabilities continued to account for a large majority of all vulnerabilities in 2010, although the total number of application vulnerabilities declined 22.2 percent from 2009. Operating system and browser vulnerabilities remained relatively stable by comparison, with each type accounting for a small fraction of the total.


Vulnerability Disclosures
The following figure charts vulnerability disclosures for Microsoft and non-Microsoft products since 2006.

Vulnerability disclosures across the industry were down 16.5 percent in 2010 from 2009.
Vulnerability disclosures for Microsoft products increased slightly in 2010 but have generally remained stable over the past several periods. Vulnerabilities in Microsoft products accounted for 7.2 percent of all vulnerabilities disclosed in 2010.
Exploits
The following figure shows the prevalence of different types of exploits for each quarter in 2010.

In 3Q10, the number of Java attacks increased to fourteen times the number of attacks recorded in 2Q10, driven mostly by the exploitation of a pair of vulnerabilities in versions of the Sun (now Oracle) JVM. Together, these two vulnerabilities accounted for 85 percent of the Java exploits detected in the second half of 2010.
Exploits that target document editors and readers, such as Microsoft® Word and Adobe Reader, declined in 2Q10 and remained at a lower level thereafter.
Security Breach Trends
The following figure shows security breach incidents by incident type from 3Q09 to 4Q10.
Malicious incidents (those involving “hacking” incidents, malware, and fraud) routinely account for less than half as many incidents as negligence (involving lost, stolen, or missing equipment; accidental disclosure; or improper disposal).
Malware and Potentially Unwanted Software
The information in this section was compiled from telemetry data that was generated from more than 600 million computers worldwide.
Global Infection Rates
The following table shows the locations with the most computers reporting detections and removals by Microsoft desktop antimalware products in 2010.
Detections in Korea rose 56.8 percent from 3Q10 to 4Q10. Detections in Russia rose 41.3 percent from 3Q to 4Q, primarily because of a significant increase in the number of computers running Microsoft Security Essentials there.
In absolute terms, the locations with the most computers reporting detections tend to be ones with large populations and large numbers of computers.
Operating System Infection Rates
The following figure shows the infection rate for each Windows operating system/service pack combination that accounted for at least 0.1 percent of total MSRT executions in 2010.
This data is normalized: the infection rate for each version of Windows is calculated by comparing an equal number of computers per version (for example, 1,000 Windows XP SP2 computers to 1,000 Windows 7 RTM computers).
As in previous periods, infection rates for more recently released operating systems and service packs are consistently lower than earlier ones, for both client and server platforms. Windows 7 and Windows Server 2008 R2, the most recently released Windows client and server versions, respectively, have the lowest infection rates on the chart.
Infection rates for the 64-bit versions of Windows Vista® and Windows 7 are lower than for the corresponding 32-bit versions of those operating systems.

Threat Categories
The Microsoft Malware Protection Center (MMPC) classifies individual threats into types based on a number of factors, including how the threat spreads and what it is designed to do. To simplify the presentation of this information and make it easier to understand, these types are grouped into 10 categories based on similarities in function and purpose.
The following figure shows detections by threat category each quarter in 2010, by percentage of all computers reporting detections.


Totals for each time period may exceed 100 percent because some computers have more than one category of threat detected and removed from them in each time period.
The miscellaneous trojans category, which consists of all trojans that are not categorized as trojan downloaders & droppers, was the most prevalent category each quarter in 2010, with detections on 20.0 percent of all infected computers in 4Q10, down from 22.7 percent in 1Q10.
Rogue Security Software (Scareware)
Rogue security software is software that appears to be beneficial from a security perspective but provides limited or no security, generates erroneous or misleading alerts, or attempts to lure users into participating in fraudulent transactions.
The following figure shows detection trends for the most common rogue security software families detected in 2010.

Email Threats
Spam Messages Blocked
The information in this section is compiled from telemetry data provided by Microsoft Forefront Online Protection for Exchange (FOPE), which provides spam, phishing, and malware filtering services for thousands of enterprise customers and tens of billions of messages per month.
The following figure shows messages blocked by FOPE each month in 2010.

After increasing gradually and then reaching a plateau through the first eight months of 2010, the number of spam messages received and blocked by FOPE dropped abruptly in September, and again in December. These drops can be correlated with events involving two of the world’s most significant spam-sending botnets: During the last week of August, researchers affiliated with the security firm LastLine spearheaded a coordinated takedown of command-and-control (C&C) servers associated with the Cutwail spambot. Also around December 25, spam researchers around the world recorded an almost complete cessation of spam originating from the large Rustock botnet. The botnet subsequently began sending spam again in mid-January.
Spam Types
The FOPE content filters recognize several different common types of spam messages. The following figure shows the relative prevalence of these spam types in 2010.

Advertisements for nonsexual pharmaceutical products accounted for 32.4 percent of the spam messages blocked by FOPE content filters in 2010. Together with nonpharmaceutical product ads (18.3 percent of the total) and advertisements for sexual performance products (3.3 percent), product advertisements accounted for 54.0 percent of spam in 2010.
In an effort to evade content filters, spammers often send messages that consist only of one or more images, with no text in the body of the message. Image-only spam messages accounted for 8.7 percent of the total in 2010.
1 Khordad 1390 Tags: Analytical Reports
The State of the Internet, 4th Quarter of 2010
IRCRE201105067
Date: 26/02/90
Each quarter, Akamai Technologies publishes its "State of the Internet" report. Akamai’s globally distributed network of servers allows them to gather massive amounts of information on many metrics, including connection speeds, attack traffic, and network connectivity/availability/latency problems, as well as traffic patterns on leading Web sites. This report includes data gathered from across Akamai’s global server network during the fourth quarter of 2010 about attack traffic, broadband adoption, and mobile connectivity, as well as trends seen in this data over time.
Attack Traffic, Top Originating Countries
During the fourth quarter of 2010, Akamai observed attack traffic originating from 207 unique countries/regions, down just two from the third quarter. While the list of countries/regions comprising the top five remained constant from quarter-to-quarter, a shift in the rankings clearly occurred, as shown in the chart. Most notably, the United States dropped to fifth place globally, the source of 7.3% of the observed attack traffic. Russia shifted into first place, responsible for approximately 12% more of the observed traffic in the fourth quarter than in the prior quarter. For most of the remaining countries, the quarterly changes in attack traffic percentages were mixed, though none of the variations were significant.

Attack Traffic, Top Ports
Attack traffic concentration among the top 10 targeted ports dropped significantly from the third quarter, with the top 10 ports responsible for just 72% of the observed attacks (down from 87% in the third quarter of 2010). This difference is mostly accounted for by the continued decline in the percentage of attacks targeted at Port 445 (Microsoft-DS), down from 56% to 47%, and Port 23 (Telnet), down from 17% to 11%, as shown in the chart.

Internet Penetration
As shown in the figure below, the top 10 countries remained the same quarter over quarter. Nine of the top 10 countries saw quarterly growth in the number of unique IP addresses observed by Akamai, ranging from an increase of under 1% in France to an 18% increase in South Korea. Yearly growth across all of the top 10 countries was strong, with double-digit yearly increases seen in all countries but France. China’s growth rate has been consistently strong throughout 2010, with year-over-year changes of 30% or more seen in all quarters. Concentration among the top 10 remained consistent with the past several quarters, accounting for nearly 70% of the observed IP addresses. In looking at the “long tail,” there were 183 countries/regions with fewer than one million unique IP addresses connecting to Akamai in the fourth quarter of 2010, 132 with fewer than 100,000 unique IP addresses, and 30 with fewer than 1,000 unique IP addresses. The counts for all three thresholds were down quarter-over-quarter.
Global Average Connection Speeds
In the fourth quarter of 2010, the global average connection speed remained essentially flat as compared to the third quarter, ending the year approximately 60 Kbps shy of the 2 Mbps “broadband” threshold. However, as shown in Figure 5, average connection speeds among the top 10 countries were not as static, with quarterly growth as high as 14% (in Belgium), though declines were not as significant, with South Korea’s 3.0% quarterly decline the worst of the three countries in the list that lost ground. Even with these declines, all of the countries within the top 10, as well as the United States, maintained average connection speeds that exceeded the “high broadband” threshold of 5 Mbps.
Attack Traffic From Mobile Networks, Top Originating Countries
In looking at attack traffic from known mobile network providers observed by Akamai during the fourth quarter of 2010, we see that the list of top countries responsible for the attacks remained fairly consistent quarter-over-quarter.
Nine of the top 10 countries, as shown in Figure 19, are the same as in the third quarter – Brazil dropped out of the top 10 list, while Hungary joined it. Italy remained the source of the largest amount of observed attack traffic, up nearly 7% from the third quarter. Of the top 10 countries, the United Kingdom was the only country that saw their percentage drop quarter-over-quarter. Overall attack traffic concentration remained fairly consistent from the prior quarter, with the top two countries responsible for 40% of observed attacks, while the top 10 countries were the source of three-quarters of observed attacks.

Attack Traffic From Mobile Networks, Top Ports
In the fourth quarter of 2010, nine of the top 10 ports targeted by attack traffic coming from mobile networks were the same as in the third quarter. The lone difference was the appearance of Port 3389 (Microsoft Terminal Services), which replaced Port 6882 (BitTorrent) at the bottom of the list. (And in the third quarter, BitTorrent itself replaced Symantec System Center at the bottom of the list.) As shown in Figure 20, attack concentration grew very slightly in the fourth quarter, with Port 445 responsible for 76% of observed attacks (up from 75% last quarter), and the top 10 ports accounting for almost 96% of observed attacks (up just over 1% from last quarter).
Source:
The State of the Internet, 4th Quarter, 2010 Report (Akamai_state_of_internet_q42010.pdf)
27 Ordibehesht 1390 Tags: Analytical Reports