Security Intelligence Report (SIRv11): "Zero-Day" Caused 1% of Malware Attacks, 99% Distributed through Social Engineering

Microsoft Security Intelligence Report volume 11 (SIRv11), released today at the RSA Conference Europe 2011, found that less than 1 percent of exploits in the first half of 2011 were against zero-day vulnerabilities -- software vulnerabilities that are successfully exploited before the vendor has published a security update or "patch."

In contrast, 99% of attacks during the same period distributed malware through familiar techniques, such as social engineering and unpatched vulnerabilities.

The report reveals how social engineering techniques contribute to the spread of computer infections. Attacks that require user interaction (social engineering) to spread accounted for 45% of the attacks analyzed in the report. In addition, old or out-of-date browsers are easier targets for attacks than browsers that are current.

According to data from Net Applications, 25% of all browsers are not up to date. This means approximately 340 million computers worldwide might be at increased risk of infection as a result of malware spread via social engineering techniques.

Today, Microsoft launched the website, YourBrowserMatters.org, to show how updated browsers can help to keep you safer online and why a browser is the first line of defense against infection.

In addition, the company "provides insight into reducing Win32/Autorun abuse with updates released earlier this year for XP and Vista (Windows 7 already included these updates) that prevent the Win32/Autorun feature from being enabled automatically for most media. Within four months of issuing the update, the number of infections from the most prolific Win32/Autorun-abusing malware families was reduced by almost 60% on XP and by 74% on Vista in comparison to 2010 infection rates."

SIRv11

Here's a paragraph quoted from the article.

"Among the array of technical and non-technical mechanisms that malicious parties have at their disposal for attacking computers and stealing data, the zero-day vulnerability--a software vulnerability that is successfully exploited before the software vendor has published a security update addressing it--is especially significant for security professionals and attackers alike. Zero-day vulnerabilities--according to the conventional wisdom, at least--cannot be effectively defended against, and can arise at any time, leaving even security-conscious IT administrators essentially at their mercy. While technologies like Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) have been introduced to make it more difficult to reliably exploit software, and processes like the Secure Development Lifecycle (SDL) have been shown to reduce the incidence of software vulnerabilities, these vulnerabilities continue to capture the imagination."

In the report, Microsoft includes prescriptive guidance to help educate people about commonly known social-engineering techniques, how to create strong passwords and how to manage security updates.

You can download SIRv11 here (pdf).