Microsoft Security Intelligence Report volume 10

Microsoft released the latest version of their Security Intelligence Report - volume 10 which covers the online threat in year 2010. It is a good research report and summarizes the threat landscape with concrete data to support the findings.

Some of the interesting findings,

  • Exploitation thru Java platform is on significant rise since Q2 2010. The number of exploitation on Java platform far exceed Adobe software and OS platforms.
  • Malicious IFrames accounts for a large number of the attacks over HTTP, this likely indicate the effect of hijacked and compromised websites
  • Conficker is the most active malware family in Enterprise environment and only 9th in the general Internet environment
  • JS/Pornpop is the most active malware family on the general Internet (non-domain joined computer) environment
  • On phishing front, the phishing sites targeting social networking are increasing and they are effective in getting themselves presented to victims.
  • Overall OS level vulnerability counts is steady and browser vulnerability count is increasing slower, however, it is surprising that application vulnerability count is decreasing since 2008. Maybe the software vendors are actually getting much more secure?



I will be teaching next: Application Security: Securing Web Apps, APIs, and Microservices - SANS Leadership and Cloud Security Dallas 2022 - Live Online


93 Posts
ISC Handler
May 14th 2011
Hmm, never heard of Conflicker before, is it similar to Conficker? ;-)

3 Posts
Thanks Alan, I fixed it.

528 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!