Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Microsoft Security Intelligence Report volume 10 SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Microsoft Security Intelligence Report volume 10

Microsoft released the latest version of their Security Intelligence Report - volume 10 which covers the online threat in year 2010. It is a good research report and summarizes the threat landscape with concrete data to support the findings.

Some of the interesting findings,

  • Exploitation thru Java platform is on significant rise since Q2 2010. The number of exploitation on Java platform far exceed Adobe software and OS platforms.
  • Malicious IFrames accounts for a large number of the attacks over HTTP, this likely indicate the effect of hijacked and compromised websites
  • Conficker is the most active malware family in Enterprise environment and only 9th in the general Internet environment
  • JS/Pornpop is the most active malware family on the general Internet (non-domain joined computer) environment
  • On phishing front, the phishing sites targeting social networking are increasing and they are effective in getting themselves presented to victims.
  • Overall OS level vulnerability counts is steady and browser vulnerability count is increasing slower, however, it is surprising that application vulnerability count is decreasing since 2008. Maybe the software vendors are actually getting much more secure?



I will be teaching next: Leading Cloud Security Design and Implementation - SANS Amsterdam October 2021


93 Posts
ISC Handler
May 14th 2011
Hmm, never heard of Conflicker before, is it similar to Conficker? ;-)

3 Posts
Thanks Alan, I fixed it.

506 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!