SA threat trend on downward slope

While computer viruses are still rife in SA, the overall threat trend sits on a downward scale, with local security tools becoming increasingly adept at controlling the vulnerable landscape, which is beset by malicious attacks.

This good news emerged from the latest Microsoft Security Intelligence Report (SIRv12), which epitomises how the global threat landscape is constantly evolving as new software and computer technologies emerge. Malware and potentially unwanted software, states the report, have become more regional, with SA exhibiting its own unique threat pattern.

Chief security advisor at Microsoft SA Khomotso Kganyago yesterday presented local findings from the report at ITWeb's annual Security Summit. Developed by Microsoft and based on detailed trend analyses over the past several years, the SIRv12 focuses on the second half of 2011 and provides in-depth perspectives on software vulnerabilities and exploits, malicious code threats, and potentially unwanted software in Microsoft and third-party software.

Using statistics garnered from, among others, Microsoft's Malicious Software Removal Tool (MSRT), malware was detected on 8.1 of every 1 000 computers scanned in SA in the fourth quarter of 2011 (4Q11), compared to the worldwide average of 7.1 for the same period.

There is always a relationship between threats and increased access.

Khomotso Kganyago, chief security advisor at Microsoft SA

The most common category in SA, says Kganyago, was worms. This affected 42.8% of all computers cleaned, down from 43.7% in the third quarter of last year (3Q11).

“While viruses and worms are still a big threat in SA, the general trend is coming down, so we need to look at what we are doing right,” says Kganyago.

The second most common category in 4Q11 was miscellaneous and potentially unwanted software. It affected 30.1% of all computers cleaned, down from 31.2% in 3Q11 The third most common category in 4Q11 was miscellaneous Trojans, which affected 20.7% of all computers cleaned, down from 20.8% from the preceding quarter.

In terms of malicious Web sites - Web pages used by attackers to host phishing pages or to distribute malware - SA proved to be slightly above the global average of phishing and malware hosting sites per 1 000 hosts (0.02 higher in each case). Regarding the percentage of drive-by download sites (Web sites hosting one or more exploits that target vulnerabilities in Web browsers and browser add-ons), SA was well below the world average, at 0.031% compared to the global average of 3.644%.

“There is always a relationship between threats and increased access. A recent report showed that about eight million South Africans now have Internet access.” Kganyago says. This, coupled with increasing capacity coming to SA from the deployment of undersea cables, creates a landscape that is open to threats - which have to be constantly monitored.