Story image

Australia punching above its weight in fight against malware, Microsoft report says

07 Feb 2017

The latest Australian results from Microsoft’s Security Intelligence Report Volume 21 show that the country is well below the worldwide average when it comes to malware encounter rates, well below other countries in APAC.

In the second quarter of 2016, 13% of Australian computers encountered malware attacks, compared to the worldwide rate of 21.2%. The malware encounter rate has also been dropping over the past two years, showing that the country is faring well when it comes to avoiding malware attacks.

The number of computers cleaned per mile (CCM) also sits below the worldwide average, coming in at 5.4%. This measure is a rate metric that shows the number of computers cleaned for every 1000 unique computers using the Malicious Software Removal Tool.

Malicious software categories

The report also found that Trojans account for the majority of malicious software categories, mirroring worldwide statistics.

Trojans in Australia accounted for 4.9% of all encounters, compared to the worldwide rate of more than 11%.   

Exploits were the second-most-encountered malicious software category, accounting for 2.1% of encounters. Downloaders and droppers featured in third place, accounting for 1.2% of encounters.

Amongst the most common malicious software families were the JS/Axpergle (1.6%), Win32/Dynamer (0.6%) and Win32/Xadupi (0.4%).

JS/Axpergle is a detection for the Angler exploit kit, which targets some versions of Internet Explorer, Adobe Flash Player, Java and Silverlight to install malware.

The Win32/Dynamer is a generic detection for a variety of threats.

Win32/Xadupi is a Trojan that poses as useful applications such as WinZipper or QKSee, but can silently install other malware. It is often installed by browser modifiers Win32/Sasquor and Win32/SupTab.

Unwanted software categories

Browser modifiers took out the top spot with 2.7% of encounters, followed by software bundlers (2.2%) and adware (0.9%).

The top unwanted software families include Win32/SupTab (0.6%), Win32/Diplugem (0.5%), Win32/Mizenota (0.5%), Win32/KipodToolsCby (0.4%) and Win32/Adposhel (0.4%).

The Win32/SupTab is a browser modifier that installs itself and changes the browser’s default search provider without consent.

The Win32/Diplugem is a browser modifier that installs browser addons without consent. These addons are usually extra ads on webpages and through web search results.

The Win32/Mizenota is a software bundler that installs unwanted software alongside genuine installs. It may install Win32/SupTab, Win32/Sasqor, Win32/Smudplu, and others.

The highest number of malicious attacks come from malware hosting sites, with 24.28% out of every 1000 internet hosts. Phishing and drive-by downloads also increased.

The report also found that 90% of Australian computers are running up-to-date and real-time security software in 2Q16, slightly higher than the global average.

Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.
How blockchain could help stop video piracy in its tracks
An Australian video tech firm has successfully tested a blockchain trial that could end up being a welcome relief for video creators and the fight against video piracy.
IBM X-Force Red & Qualys introduce automated patching
IBM X-Force Red and Qualys are declaring a war on unpatched systems, and they believe automation is the answer.
Micro Focus acquires Interset to improve predictive analytics
Interset utilises user and entity behavioural analytics (UEBA) and machine learning to give security professionals what they need to execute threat detection analysis.
Raising the stakes: McAfee’s predictions for cybersecurity
Security teams and solutions will have to contend with synergistic threats, increasingly backed by artificial intelligence to avoid detection.
Exclusive: Ping Identity on security risk mitigation
“Effective security controls are measured and defined by the direct mitigation of inherent and residual risk.”
CylancePROTECT now available on AWS Marketplace
Customers now have access to CylancePROTECT for AI-driven protection across all Windows, Mac, and Linux (including Amazon Linux) instances.