The Redmond company released volume four of the Microsoft Security Intelligence Report (SIR), using data gathered via the Microsoft Malicious Software Removal Tool from in excess of 450 million Windows computers worldwide.
"The SIR provides us with a chance to share with our customers and industry partners what we’re seeing in the threat landscape so we can all help ensure users are better protected and work toward a more trusted Internet," explained Vinny Gullotto, general manager of the Microsoft Malware Protection Center. "This latest volume supports our position that today’s threats continue to be motivated by monetary gain, and it also gives us a solid view of vulnerability and exploit trends."
Microsoft found that in the second half of the past year, the volume of vulnerability disclosures dropped by approximately 5%. However, despite this aspect, the company revealed that 32.2% of public security vulnerabilities were targeted in the wild via publicly available exploit code.
"The trends observed in the second half of 2007 are consistent with the observed shift of malware away from an amateur phenomenon to a tool used by professional criminals and criminal organizations to generate revenue," Microsoft noted in the report.
The Redmond company added that the same tendency that affects the evolution of malicious code, also impacted spam. With over 90% of the emails sent between July and December 2007 being spam, there is an increased focus on malware spreading and phishing attempts.
"The data also reveals a 300 percent increase in the number of trojan downloaders and droppers — malicious code used to install files on users’ systems — illustrating that the malware category continues to grow in popularity among attackers. The report also shows a 66.7 percent increase in the number of potentially unwanted software detections — programs that may impact user privacy or security by performing actions the person may not want — between July 1 and Dec. 31, with a total of 129.5 million pieces of potentially unwanted software found on users’ systems," Microsoft stated.
Microsoft, Security, Phishing, Spam, Virus, Malware, Vulnerability, Exploit, SIR, Report