The Threat Landscape in Canada
Tim Rains, Director, Trustworthy Computing



[Chart: Computers cleaned per 1,000 scanned (CCM), quarterly series for Worldwide, Canada, United States, United Kingdom and France]

[Chart: Percentage of computers encountering malware over four quarters, Worldwide vs. Canada]

[Chart: Percentage of computers encountering malware over four quarters: Worldwide, Canada, France, United Kingdom, United States]

[Chart: Percent of computers encountering malware by threat category, 3Q12 to 2Q13: Exploits, Misc. Trojans, Trojan Downloaders and Droppers, PWS and Monitoring Tools, Worms, Backdoors, Viruses]

[Chart: Percentage of computers encountering malware by threat category, two series compared across the seven categories]

[Chart: Percentage of computers encountering malware, by exploit family over four quarters: CVE-2012-0507, Blacole, CVE-2010-0840, CVE-2013-0431, CVE-2012-1723, CVE-2013-1493]

CVE-2012-1723 exploits a vulnerability in Oracle's Java Runtime Environment.

Blacole is an exploit kit that attempts to exploit vulnerabilities in Adobe, Microsoft and Oracle products.

CVE-2013-0431 exploits a vulnerability in Oracle's Java Runtime Environment.

Rank  Family             Most Significant Category        Encounter Rate
1     JS/IframeRef       Misc. Trojans                    2.27%
2     Win32/Sirefef      Misc. Trojans                    1.68%
3     Win32/Obfuscator   Misc. Trojans                    1.25%
4     JS/Seedabutor      Misc. Trojans                    1.06%
5     CVE-2012-1723      Exploits                         0.99%
6     JS/BlacoleRef      Misc. Trojans                    0.96%
7     Blacole            Exploits                         0.88%
8     ASX/Wimad          Trojan Downloaders & Droppers    0.77%
9     CVE-2013-0431      Exploits                         0.54%
10    CVE-2012-0507      Exploits                         0.54%

[Chart: Percentage of computers encountering malware, top families over four quarters: Sirefef, Blacole, Obfuscator, Seedabutor, CVE-2012-1723, BlacoleRef, IframeRef]

[Chart: Computers cleaned per 1,000 scanned (CCM), top families over four quarters: Sirefef, Redyms, Alureon, Zbot, Medfos, Tracur]

Metric                                    3Q12           4Q12           1Q13           2Q13
Phishing sites per 1000 hosts             6.79 (5.41)    5.23 (5.10)    4.72 (4.56)    4.85 (4.24)
Malware hosting sites per 1000 hosts      8.20 (9.46)    7.99 (10.85)   7.10 (11.66)   11.80 (17.67)
Drive-by download sites per 1000 URLs     0.39 (0.56)    0.31 (0.33)    0.39 (0.50)    1.41 (1.12)

Canada figures, with Worldwide figures in parentheses.

more than 5 times

[Chart: Infection rate (CCM) by operating system and service pack, 32-bit and 64-bit editions]

www.microsoft.com/windows/antivirus-partners/

[Slide graphic: Windows XP, Windows Vista, Windows 7, Windows 8]

Since a security update will never become available for Windows XP to address new vulnerabilities, Windows XP will essentially have a "zero day" vulnerability forever.

After support ends, when Microsoft releases its monthly security updates for supported versions of Windows, attackers will reverse engineer them to identify any vulnerabilities that also exist in Windows XP.

If Windows XP shares any of those vulnerabilities, attackers will develop exploit code to take advantage of them.

Between July 2012 and July 2013, Windows XP was an affected product in 45 Microsoft security bulletins, of which 30 also affected Windows 7 and Windows 8.

Attackers will have the advantage over defenders.


Infection rate (CCM) by operating system and service pack in the fourth quarter of 2012, as reported in the Microsoft Security Intelligence Report volume 14.

The number of CVEs for which exploits were written that could have been mitigated by enabling DEP, as compared to the number of CVEs that had exploits that bypassed DEP.

[Chart: Count of CVEs with exploits mitigated by DEP vs. CVEs with exploits that bypassed DEP, two series over seven periods]


Software Vulnerability Exploitation Trends: http://blogs.technet.com/b/security/archive/2013/07/25/the-impact-of-security-science-in-protecting-customers.aspx

Microsoft Security Blog: http://blogs.technet.com/b/security/archive/2013/08/15/the-risk-of-running-windows-xp-after-support-ends.aspx

Windows Springboard Series Blog: http://blogs.windows.com/windows/b/springboard/archive/2013/04/08/365-days-remaining-until-xp-end-of-support-the-countdown-begins.aspx


Twitter: @msftsecurity

Microsoft Trustworthy Computing: www.microsoft.com/twc

Microsoft Security Intelligence Report: www.microsoft.com/sir

Microsoft Security Blog: blogs.technet.com/b/security