Software Security Report Hones In on Botnets

Microsoft has released Volume 9 of its "Security Intelligence Report," which includes a section specifically honing in on the botnet problem.

The report, which can be downloaded here, catalogs software security threats worldwide from January to June 2010. It draws on data gathered from three Microsoft security efforts, namely the Microsoft Security Engineering Center, Microsoft Malware Protection Center, and Microsoft Security Response Center. It also uses data from the United States government's National Vulnerability Database.

The botnet section of the report is extensive. It includes a historical description of how botnets arose based on the IRC protocol used for chatting activity, as well as a description of today's criminal botnet underground. Microsoft's report defines a botnet broadly as "a network of computers that can be illicitly and secretly controlled at will by an attacker and commanded to take a variety of actions." Microsoft helped take down the Waledac botnet through legal actions earlier this year. In addition, the company claims to have "cleaned botnet infections from more than 6.5 million computers worldwide," according to a Microsoft blog post.

Oddly, the Microsoft campus itself appears to have been the scene of a botnet crime. Two Microsoft-owned IP addresses were used to deliver spam messages for pharmaceutical products and initiate a denial-of-service attack on a security-related Web site, according to media reports and a Microsoft blog. The problem stemmed from two misconfigured devices in the Microsoft corporate network that were exploited by "Russian criminals."

Software Vulnerabilities Decreasing
Software vulnerabilities, which can be leveraged by attackers to compromise programs once they are known, have been on the decline since the second half of 2006, according to the SIR Volume 9 report. The report ascribed this progress to "better development practices and quality control throughout the Industry."

Vulnerabilities rated "high" and "medium" according to the Common Vulnerability Scoring System have been declining in frequency over that same four-year period. However, vulnerabilities rated "low" have shown an upward trend in recent years. The report found a 41.6 percent increase in "low" severity vulnerability disclosures from the second half of 2009 to the first half of this year.

Application vulnerabilities represent the greatest source for security flaws in software, but that trend has been declining over the years. The report cited an 11.2 percent decrease in such application flaws since the second half of 2006.

Operating systems and Web browsers represent a lower percentage of software vulnerabilities, and that trend has stayed relatively flat over the last four years. However, the report noted that browser vulnerabilities now exceed those of operating systems for the first time in four years.

The report described vulnerabilities in Microsoft and non-Microsoft software products over the four-year period. It found that Microsoft's software accounted for "6.5 percent of all vulnerabilities disclosed in 1H10." That figure represents an increase from 5.3 percent in the second half of 2009. Vulnerabilities in non-Microsoft software have followed a general declining trend since the second half of 2006.

Vulnerability reporting by security experts is tracked in the report. Most vulnerabilities (79.1 percent) were reported privately to Microsoft rather than being fully disclosed to the public. Microsoft now refers to the private reporting of software security flaws as "coordinated vulnerability disclosure." The traditional name was "responsible disclosure." However, Microsoft made the nomenclature switch after a spat with a security researcher employed by Google who publicly disclosed a Windows XP flaw out of frustration with alleged delays by Microsoft.

Malware and Other Maladies
The report describes malware removed worldwide, based on statistics gathered from a number of Microsoft antimalware tools. Those solutions included "MSRT [Malicious Software Removal Tool], Microsoft Security Essentials, Windows Defender, Microsoft Forefront Client Security, Windows Live OneCare, and the Windows Live OneCare safety scanner," according to the report.

The United States holds first place in malware removal stats, with 9.6 million computers cleaned in the second quarter of 2010, according to the report. The next runner up was Brazil, with 2.3 million computers cleaned in that same period.

The malware cleaned from devices fell into 10 categories, with Trojans, worms and unwanted software topping the list. The stats in the report were affected by increased detections of "worm families Win32/Taterf and Win32/Autorun," along with the "Win32/Zwangi" family of unwanted software.

Windows 7, which was released in October of 2009, was attacked less frequently than Windows Vista and Windows XP, according to the report, based on the number of computers cleaned. The biggest target appears to be 32-bit Windows XP Service Pack 2, which Microsoft no longer supports with security updates.

Windows Server 2008 versions were cleaned of malware somewhat less frequently than Windows Server 2003 versions. However, Microsoft's report noted "higher infection rates for 64-bit versions of Windows Server 2003 SP2 and Windows Server 2008 SP2." Microsoft has sometimes said in its blogs that 64-bit systems are better protected against malware than 32-bit systems. The report ascribed the greater number of attacks on 64-bit Windows Server products to the "increasing popularity of 64-bit Web and database servers for Web applications."

Spam continues to clog Internet e-mail traffic, but more than 90 percent of it was blocked at the network's edge in 2010, according to the report. More than half of inbound e-mail traffic is spam messages about pharmaceuticals.

SQL injection attacks in the first half of this year were mostly associated with Web sites in Turkey, followed by "commercial entities" and "nonprofit organizations." SQL injection attacks are carried out by entering code into Web-form fields. The code is designed to either steal data from the underlying database or corrupt that data.
