SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Dodging bullets: Australia's top malware threats according to Microsoft
Wed, 11th Oct 2017

Australia is dodging many dangerous malware variants that are causing trouble around the globe, according to Microsoft's latest Security Intelligence Report.

The report analyses data collected between January and March 2017 from administrators who have opted to share information from Microsoft security programs and services running on their computers.

3.5% of Australian computers encountered malware in March 2017, less than half the global encounter rate of 7.8%.

Australian computers were not completely immune from malware, however: they encountered many malicious Trojans, downloaders, droppers and other malware.

According to the report, Trojan activity peaked both in Australia and in the global threat landscape. Trojans affected 3.28% of all computers in March, a jump from 2.68% in February. The worldwide threat encounter rate hit more than 6%.

0.6% of Australian computers faced malware downloaders and droppers, up from 0.52% in February. Viruses affected 0.4% of all computers, an increase from 0.34% in February.

The top malicious families in Australia by encounter rate are:

  • Win32/Skeeyah (Trojan) - 0.67%
  • Win32/Vigorf (Trojan) - 0.37%
  • Win32/Fuery (Trojan) - 0.34%
  • Win32/Spursint (Trojan) - 0.32%
  • Win32/Dynamer (Trojan) - 0.23%
  • Win32/Vigram (Trojan) - 0.14%
  • Win32/Swrort (Trojan) - 0.14%
  • Win32/Xorer (Virus) - 0.13%
  • Win32/MpTestAgg (Virus) - 0.13%
  • Win32/Rundas (Trojan) - 0.11%

Win32/Skeeyah and Win32/Vigorf are both generic detections for threats that display Trojan-like characteristics, while Win32/Fuery is a cloud-based detection for files that have been automatically labelled malicious by Windows Defender.

Browser modifiers had the highest encounter rate among unwanted software categories in Australia, followed by software bundlers and adware.

Browser modifiers affected 0.65% of Australian computers, followed by software bundlers (0.47%) and adware (0.14%). All categories experienced an increase in encounter rate from February to March.

The top five unwanted software families in Australia by encounter rate are as follows:

  • Win32/Foxiebro (Browser Modifier) - 0.23%
  • Win32/ICLoader (Software Bundler) - 0.07%
  • Win32/Adposhel (Adware) - 0.07%
  • Win32/Prepscram (Software Bundler) - 0.06%
  • Win32/Sasquor (Browser Modifier) - 0.06%

Win32/Foxiebro is a browser modifier that injects ads into search results pages, modifies web pages to insert ads and opens ads in new tabs.

Win32/ICLoader is a software bundler available from software 'crack sites'. It installs alongside the desired program and often installs other unwanted software.

Win32/Adposhel is adware that can show additional ads both inside and outside a web browser.

Australian computers were also exposed to a lower rate of malicious websites that have been compromised by malware, SQL injection or other techniques.

Australian computers also encountered fewer drive-by download pages for every 1000 URLs, compared to the worldwide rate of 0.17.

However, Australia was exposed to more phishing sites per 1000 internet hosts, compared to 6.3 worldwide.

Australian computers encountered fewer malware hosting sites per 1000 internet hosts (7.7) compared to the global average of 14.8.

Around 89% of Australian computers were protected by Microsoft's real-time security software during March 2017.