Worm infections in the enterprise rose by nearly 100%

The latest Microsoft Security Intelligence Report (SIRv7), which indicates that worm infections in the enterprise rose by nearly 100 percent during the first half of 2009 over the preceding six months. Rogue security software remains a major threat to customers; however, 20 percent fewer customers were affected by rogue infections during the past six months.

Top global trends

Ten years after Melissa appeared and defined mass-mailing worms as a class of malicious threats, worm infections have resurged to become the second most prevalent threat for enterprises in the first half of 2009.

Worms rely heavily on access to unsecured file shares and removable storage volumes, both of which are plentiful in enterprise environments. According to SIRv7, the following were the top two families detected:

Conficker was the top worm threat detected for the enterprise, because its method of propagation works more effectively within a firewalled network environment. Conficker is not in the top 10 for consumers, because home computers are more likely to have automatic updating enabled. This further reiterates the need for enterprises to have a robust security update management program in place.

Taterf, with detections up 156 percent since the second half of 2008, targets massively multiplayer online role-playing games (MMORPGs). These attacks rely less on social engineering to spread, and more on access to unsecured file shares and removable storage volumes — both of which are often plentiful in the enterprise. Taterf’s impressive growth underscores the need for organizations to develop guidelines for removable drives (such as thumb drives) and evaluate how connections are made to outside machines.

According to the report, rogue security software remained the single largest threat category for the first half of 2009. In addition, while there has been progress combating rogues, this threat remained a major pain point for computer users during the same period.

Also known as “scareware,” rogue security software takes advantage of customers’ desire to keep their computer protected. Microsoft products and services removed malware from more than 13 million computers worldwide, down from 16.8 million in the second half of 2008. Computer users are advised to use an anti-malware solution from a company they trust and to keep its threat definitions up to date.

In contrast, the report highlights the significant decrease in Zlob disinfections, from 21.1 million at its peak in 2007 to 2.3 million in the first half of 2009 — a remarkable tenfold decrease.

Don't miss