Interesting: SIRv10 and the MMPC Threat Report

Posted on June 3, 2011 by


This May, Microsoft released two interesting reports: the Microsoft Security Intelligence Report Volume 10 (SIR v10) and the Microsoft Malware Protection Center (MMPC) Threat Report. The latter, a follow-up to the 2010 special report on Battling Botnets, focuses on Qakbot, a rootkit-based, stealth-mode backdoor that steals sensitive user data from infected machines.

SIRv10 is a global threat report: 87 pages of in-depth threat intelligence and 2010 threat landscape statistics for 117 countries.
Both reports are highly recommended reading for information security managers (even for those who are not in charge of Microsoft operating system based IT environments …).

Let's look at the SIRv10 first: no surprises, actually. Phishing using social networking as the lure, rogue security software and adware are the tactics on the rise, as are techniques using fake product promotions or fake marketing campaigns.

Remarkably, CVE-counted vulnerability disclosures in 2010 are down by more than 16 percent from 2009. In general, newer software, services and products seem to be less susceptible to attacks. Let's hope that this is the result of general advancements in information security awareness across the industry rather than of changes in disclosure policies (Microsoft: "This trend is likely because of better development practices and quality control throughout the industry, which result in more secure software and fewer vulnerabilities". Actually, this sounds to me a lot like the software giant speaking about the security of its very own products maturing over the last few years … 😉 )

The MMPC report is more on the technical side, but not too technical. It gives insights into the functioning of the Win32/Qakbot family of malware, including telemetry data from 2009 until 2011. This report is interesting for InfoSec managers because it helps to better assess malware-related risks through a better understanding of the current character and capabilities of sophisticated malware; in this case, malware that mainly infects corporate rather than consumer environments. It is sophisticated because it combines the technical characteristics and capabilities of a rootkit, trojan, worm, backdoor and even a bot, and it is a risk to corporate information assets because of its advanced information theft and exfiltration functionality: recording all keystrokes, stealing POP3, IMAP and FTP credentials, and stealing cryptographic certificates, Outlook account information and cached browser credentials.

The reports are available for download here:

MMPC Threat Report Qakbot


Posted in: Open Knowledge