Windows 7 shows higher infection rates than XP in last quarter of 2013
The latest Security Intelligence Report from Microsoft reveals that malware infection rates soared in the final quarter of last year thanks mainly to three threats.
Infection rates measured in computers cleaned per thousand (CCM -- yes M, it uses the Latin for thousand) rose from 5.6 in Q3 to 17.8 in Q4 of last year on the back of the Win32/Senfit click fraud bot, along with two new distribution methods. Win32/Rotbrow, a program claiming to protect from browser add-ons, and Win32/Brantall which acts as an installer for legitimate applications but also bundles less welcome things.
It was Rotbrow that was most responsible for the dramatic increase in the CCM metric in 4Q13. Because the Browser Protector software had existed since at least 2011 without exhibiting any malicious behavior, many security software vendors had not configured their products to block or remove it.
An interesting side effect of this is that Vista and Windows 7 showed higher CCM rates than XP for the quarter. The report shows an infection rate of 25.9 percent for Windows 7, 32.4 percent for Vista and 24.2 percent for XP. Microsoft has normalized the figures to take account of differences in numbers using each OS.
This doesn't mean that you should rush off and downgrade all your systems to XP though. Microsoft is quick to point out that, "In general, infection rates for more recently released operating systems and service packs tend to be lower than infection rates for earlier releases, for both client and server platforms. In 3Q13, this pattern is clearly visible, with Windows XP displaying an infection rate significantly higher than any other supported Windows client platform, and Windows 8 RTM -- at the time the most recently released platform -- displaying the lowest".
Looking at threats by type, the report shows that miscellaneous Trojans are still the most commonly encountered threat. Trojan downloaders and droppers grew to become the second most encountered category in the fourth quarter though thanks to Rotbrow and Brantall. The encounter rate for worms fell slightly as did that for exploits.
In terms of geography you're more likely to encounter a Trojan in Brazil, Russia or Italy than elsewhere in the world. Ransomware distribution is particularly sensitive to geography with all encounters taking place in Europe, western Asia, and the wealthy English speaking regions of North America and Oceania. Ransomware is virtually unknown in Latin America, Africa, the Middle East, and eastern and southern Asia.
If you need some bedtime reading you can download the full 152 page PDF report, which covers much more including spam levels and the differences between home and enterprise threat patterns, from the Microsoft website.