The global threat landscape is evolving. Malware and potentially unwanted software have become more regional, and different locations around the world exhibit different threat patterns.

 

The statistics presented here are generated by Microsoft security programs and services running on computers in Pakistan in 2Q12 and previous quarters. This data is provided from administrators or users who choose to opt in to provide data to Microsoft, using IP address geolocation to determine country or region.

 

Infection rate statistics for Pakistan

 

Metric

 

3Q11

 

4Q11

 

1Q12

 

2Q12

 

Computers cleaned per 1,000 MSRT executions (CCM)

 

31.9

 

32.9

 

32.8

 

35.3

 

Worldwide average CCM

 

7.7

 

7.1

 

6.6

 

7.0

 

 

 

See the Security Intelligence Report website at www.microsoft.com/sir for more information about threats in Pakistan and around the world, and for explanations of the methods and terms used here.

 

Infection trends (CCM)

 

The MSRT detected malware on 35.3 of every 1,000 computers scanned in Pakistan in 2Q12 (a CCM score of 35.3, compared to the 2Q12 worldwide average CCM of 7.0). The following figure shows the CCM trend for Pakistan over the last four quarters, compared to the world as a whole.

 

CCM

 

Threat categories

 

Malware and potentially unwanted software categories in Pakistan in 2Q12, by percentage of computers reporting detections

pakistan

The most common category in Pakistan in 2Q12 was Worms. It affected 47.4 percent of all computers with detections there, up from 43.5 percent in 1Q12.

 

The second most common category in Pakistan in 2Q12 was Viruses. It affected 47.4 percent of all computers with detections there, down from 49.1 percent in 1Q12.

 

The third most common category in Pakistan in 2Q12 was Miscellaneous Trojans, which affected 39.1 percent of all computers with detections there, down from 40.2 percent in 1Q12.

 

Threat families

 

The top 10 malware and potentially unwanted software families in Pakistan in 2Q12

 

 

 

Family

 

Most significant category

 

% of computers with detections

 

1

 

Win32/Sality

 

Viruses

 

30.1%

 

2

 

Win32/Autorun

 

Worms

 

29.0%

 

3

 

Win32/Ramnit

 

Misc. Trojans

 

20.1%

 

4

 

Win32/Virut

 

Viruses

 

15.1%

 

5

 

Win32/Keygen

 

Misc. Potentially Unwanted Software

 

13.2%

 

6

 

Win32/Chir

 

Worms

 

13.2%

 

7

 

Win32/CplLnk

 

Exploits

 

12.9%

 

8

 

Win32/VB

 

Worms

 

8.9%

 

9

 

Win32/Conficker

 

Worms

 

7.4%

 

10

 

Win32/Rimecud

 

Worms

 

6.8%

 

 

The most common threat family in Pakistan in 2Q12 was Win32/Sality, which affected 30.1 percent of computers with detections in Pakistan. Win32/Salityis a family of polymorphic file infectors that target executable files with the extensions .scr or .exe. They may execute a damaging payload that deletes files with certain extensions and terminates security-related processes and services.

 

The second most common threat family in Pakistan in 2Q12 was Win32/Autorun, which affected 29.0 percent of computers with detections in Pakistan. Win32/Autorunis a family of worms that spreads by copying itself to the mapped drives of an infected computer. The mapped drives may include network or removable drives.

 

The third most common threat family in Pakistan in 2Q12 was Win32/Ramnit, which affected 20.1 percent of computers with detections in Pakistan. Win32/Ramnitis a family of multi-component malware that infects executable files, Microsoft Office files, and HTML files. Win32/Ramnit spreads to removable drives and steals sensitive information such as saved FTP credentials and browser cookies. It may also open a backdoor to await instructions from a remote attacker.

 

The fourth most common threat family in Pakistan in 2Q12 was Win32/Virut, which affected 15.1 percent of computers with detections in Pakistan. Win32/Virutis a family of file-infecting viruses that target and infect .exe and .scr files accessed on infected systems. Win32/Virut also opens a backdoor by connecting to an IRC server.

 

Malicious websites

 

Attackers often use websites to conduct phishing attacks or distribute malware. Malicious websites typically appear completely legitimate and often provide no outward indicators of their malicious nature, even to experienced computer users. In many cases, these sites are     legitimate websites that have been compromised by malware, SQL injection, or other techniques, in an effort by attackers to take advantage of the trust users have invested in them. To help protect users from malicious webpages, Microsoft and other browser vendors have  developed filters that keep track of sites that host malware and phishing attacks and display prominent warnings when users try to navigate to them. 

 

Web browsers such as Windows Internet Explorer and search engines such as Bing use lists of known phishing and malware hosting websites to warn users about malicious websites before they can do any harm. The information presented in this section has been generated  from telemetry data produced by Internet Explorer and Bing. See the Microsoft Security Intelligence Report website for more information about these protections and how the data is collected.

 

To provide a more accurate perspective on the phishing and malware landscape, the methodology used to calculate the number of Internet hosts in each country or region has been revised. For this reason, the statistics presented here should not be directly compared to findings in previous volumes.

 

Malicious website statistics for Pakistan

 

Metric

 

1Q12

 

2Q12

 

Phishing sites per 1,000 hosts  (Worldwide)

 

1.78 (1.6)

 

0.55 (1.8)

 

Malware hosting sites per 1,000 hosts (Worldwide)

 

1.85 (3.9)

 

1.72 (4.4)

 

Drive-by download per 1,000 URLs (Worldwide)

 

0.18 (0.7)

 

0.71 (0.9)

 

 

 

Update service usage

Microsoft provides several tools and services that enable users to download and install updates directly from Microsoft or from update servers designated by their system administrators. The update client software (called Automatic Updates in Windows XP and Windows Server  2003, and simply Windows Update in other currently supported versions of Windows) connects to an update service for the list of available updates. After the update client determines which updates are applicable to the user’s computer, it installs the updates or notifies the user that they are available, depending on the way the client is configured and the nature of each update.

For end users, Microsoft provides two update services that the update clients can use:

Windows Update provides updates for Windows components and for device drivers provided by Microsoft and other hardware vendors. Windows Update also distributes signature updates for Microsoft antimalware products and the monthly release of the MSRT. By default, when a user enables automatic updating, the update client connects to the Windows Update service for updates.

Microsoft Update provides all of the updates offered through Windows Update and provides updates for other Microsoft software, such as the Microsoft Office system, Microsoft SQL Server, and Microsoft Exchange Server. Users can opt in to the service when installing software that is serviced through Microsoft Update or at the Microsoft Update Web site (update.microsoft.com/microsoftupdate). Microsoft recommends configuring computers to use Microsoft Update instead of Windows Update to help ensure they receive timely security updates for Microsoft products.

Enterprise customers can also use Windows Server Update Services (WSUS) or the Microsoft System Center family of management products to provide update services for their managed computers.

 

Windows Update and Microsoft Update usage in Pakistan and worldwide

 

percentage 

This chart shows the growth in the number of computers connecting to Windows Update and Microsoft Update in Pakistan over the last four years, indexed to the total usage for both services in Pakistan in 2008.

In 2012, the number of computers connecting to Windows Update and Microsoft Update in Pakistan was up 28.5 percent from 2011, and  up 209.7 percent from 2008. By comparison, worldwide use of the two services increased 18.3 percent between 2011 and 2012, and 59.7 percent from 2008 to 2012.

Of the computers using the two update services in Pakistan in 2012, 47.0 percent were configured to use Microsoft Update, compared to 58.5 percent worldwide.

 

Source: Microsoft Security Intelligence Report [Full Report can be accessed here] Jan - June, 2012

             This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT

This document is provided “as-is.” Information and views expressed in this document, including URL and other Internet website references, may change without notice. You bear the risk of using it.

 

 

twc