Australia punching above its weight in fight against malware, Microsoft report says
The latest Australian results from Microsoft’s Security Intelligence Report Volume 21 show that the country is well below the worldwide average when it comes to malware encounter rates, well below other countries in APAC.
In the second quarter of 2016, 13% of Australian computers encountered malware attacks, compared to the worldwide rate of 21.2%. The malware encounter rate has also been dropping over the past two years, showing that the country is faring well when it comes to avoiding malware attacks.
The number of computers cleaned per mile (CCM) also sits below the worldwide average, coming in at 5.4%. This measure is a rate metric that shows the number of computers cleaned for every 1000 unique computers using the Malicious Software Removal Tool.
Malicious software categories
The report also found that Trojans account for the majority of malicious software categories, mirroring worldwide statistics.
Trojans in Australia accounted for 4.9% of all encounters, compared to the worldwide rate of more than 11%.
Exploits were the second-most-encountered malicious software category, accounting for 2.1% of encounters. Downloaders and droppers featured in third place, accounting for 1.2% of encounters.
Amongst the most common malicious software families were the JS/Axpergle (1.6%), Win32/Dynamer (0.6%) and Win32/Xadupi (0.4%).
JS/Axpergle is a detection for the Angler exploit kit, which targets some versions of Internet Explorer, Adobe Flash Player, Java and Silverlight to install malware.
The Win32/Dynamer is a generic detection for a variety of threats.
Win32/Xadupi is a Trojan that poses as useful applications such as WinZipper or QKSee, but can silently install other malware. It is often installed by browser modifiers Win32/Sasquor and Win32/SupTab.
Unwanted software categories
Browser modifiers took out the top spot with 2.7% of encounters, followed by software bundlers (2.2%) and adware (0.9%).
The top unwanted software families include Win32/SupTab (0.6%), Win32/Diplugem (0.5%), Win32/Mizenota (0.5%), Win32/KipodToolsCby (0.4%) and Win32/Adposhel (0.4%).
The Win32/SupTab is a browser modifier that installs itself and changes the browser’s default search provider without consent.
The Win32/Diplugem is a browser modifier that installs browser addons without consent. These addons are usually extra ads on webpages and through web search results.
The Win32/Mizenota is a software bundler that installs unwanted software alongside genuine installs. It may install Win32/SupTab, Win32/Sasqor, Win32/Smudplu, and others.
The highest number of malicious attacks come from malware hosting sites, with 24.28% out of every 1000 internet hosts. Phishing and drive-by downloads also increased.
The report also found that 90% of Australian computers are running up-to-date and real-time security software in 2Q16, slightly higher than the global average.