Zero-day threats and custom malware get all the publicity, but age-old malware strains including ZeuS and Conficker remain active in UK corporates.
“The bad guys don’t have to be smart, they can use something that’s 7-8 years old,” Stuart Aston, chief security advisor at Microsoft UK, told delegates at the RSA Unplugged mini-conference in London on Thursday.
Aston and colleague Tim Rains, chief security advisor, WW Cybersecurity & Data Protection at Microsoft, cited figures that show one in five Windows systems lack up-to-date anti-virus protection. Microsoft has contributed to a succession of takedown operations over recent years, but these normally focus on command and control systems rather than compromised devices.
Despite these takedown operations, Microsoft is “not trying to be a policeman”, according to Aston. The software giant is seeking to make it easier for organisations to clean up infected systems on their networks, with a new program that exposes the IP addresses of infected machines within an organisation through its Azure console.
Rains added that despite the perception that China is a “malware cesspit”, the country’s internet infrastructure is comparatively clean, with one of the lowest rates of infection on workers’ and consumers’ PCs. The flip side is that China has among the highest rates of hosting drive-by downloads.
More details on malware infection rates can be found in a blog post on Microsoft’s Security Intelligence Report. ®