Win 7 malware spikes, drops for XP


Malware targeting Windows 7 surged but dropped off for XP in the second half of 2010, Microsoft reports.


The findings are part of Microsoft’s tenth Security Intelligence Report, issued overnight, which collected data from some 600 million computers and the most popular web services.

It indicates that while the lion’s share of malware has hit XP, writers are increasingly targeting Microsoft’s latest operating system, Windows 7.

That system is used by about a quarter of all Windows users, while Vista holds about 10 percent and XP retains about half, according to NetApplications.

Malware written for the unpopular Windows Vista platform also spiked, according to the report.

 


Infection rates: Windows 7 infections spike from a lower base.

 

The 64-bit versions of Vista and Windows 7 recorded lower malware infection rates than the 32-bit platforms. Microsoft said the 64-bit operating systems have more security-savvy users and feature Kernel Patch Protection.

A zero-day disclosure (CVE-2010-1885) last year led to a massive increase in exploits targeting the Windows Help and Support Centre for XP. Microsoft detected some 14,000 exploits at the start of 2010, which surged to a whopping 250,000 in the third quarter.

The software giant issued an out-of-band update (MS10-042) to fix the hole and the number of exploits for the vulnerability fell to 65,000 by year’s end.

A second, separate exploit was released in tandem that infected just as many machines. It was written for the zero-day vulnerability (CVE-2010-2538) that was discovered during analysis of the Stuxnet worm, and was soon used in other malware families including Vobfus and Sality.

Microsoft issued an out-of-band update (MS10-046) to fix the flaw.

Conficker remained by far the most common enterprise threat family because it was the most effective at spreading through typical enterprise domains.

But it ranks ninth overall compared to non-domain exploits, which are typically hosted on malicious sites that businesses would normally blacklist.

The JavaScript porn pop-up, JS/Pornpop, was the most common overall threat family. JavaScript exploits increased during the year and spiked in the third quarter, surpassing HTML, operating system and document-related exploits. Attacks through malicious iFrames accounted for most other exploits.

Application vulnerabilities continued a four-year decline with critical disclosures dropping by around 20 percent from 2009. Operating system holes remained stable.

Exploits that are easier to execute dropped by up to 28 percent while difficult attacks increased by 43 percent.

Australia remained roughly on par with Canada and New Zealand in the percentage of infections removed from computers by Microsoft, but behind Britain, the United States, and Brazil.

Threat map: Microsoft's threat map.

The Rustock botnet this year has resumed spamming operations after it all but ceased in December 2010 following a US-led take-down of its command and control servers that then halved global spam levels.

Microsoft said it is investigating why Rustock resumed spamming.

The report is a product of Microsoft’s Trusted Computing initiative which sources information from its massive user base and other technology firms and governments.
