Installing anti-virus software really does make a difference, or at least that’s the message that Microsoft Corp. is getting across at the Sector security conference in Toronto.

A malware spike that hit Canada at the beginning of 2013, after years of decline in the number of infected computers, is now being reversed. Canada saw its rate of infected computers per 1,000 jump from an all-time low of 2.2 to 4.1 at the beginning of 2013. An explosion of specific malware variants that were able to circumvent initial detection on some machines was to blame, according to Microsoft. The good news is that an update to address those malware variants and remove them from infected machines is working, and Canada’s infection rate has now dropped to 3.5 systems infected per 1,000.

That spike in the first half of the year was more severe in Canada than it was in the U.K. or France, but not as bad as it was in the U.S., where it spiked to eight computers per thousand infected, says Tim Rains, director of product management for trustworthy computing at Microsoft. Showing off his slides in a side room ahead of his presentation, Rains points to two main malware variant types as the culprits of the malware outbreak.

Sirefef (pronounced “Sire EF EF”) suddenly became much more common than the other type five threats in Canada during the first half of 2013, he shows. It was on 1.35 out of every 1,000 computers in Canada. “This piece of malware is pretty severe and it downloads other forms of malware,” Rains says.

Another threat, Alureon, was a well-known malware type that spiked up to 0.6 computers per thousand. In both cases, the malware families are known to security firms, but hackers have churned out enough variants to bypass detection.

“It’s a war of attrition where they’re constantly changing the malware every single day,” Rains explains. “We’re trying to have generic detection… then we can clean an entire malware family.”

Microsoft responded to the flood of new malware variants by pushing a new update to its Malicious Software Removal Tool in February. New data for the second half of 2013 suggests that response is working, with Sirefef infections dipping down to 1.27 computers per thousand and Alureon also coming down slightly.

Unprotected computers suffer consequences

The data supports an earlier study conducted by Microsoft looking at what difference having anti-virus software actually makes in preventing computers from being infected. The study, detailed in the May version of the Security Intelligence Report, shows unprotected users were 5.5 times more likely to be infected by malware.

“Even in the most active malware places in the world, having antivirus software dramatically reduced malware infection rates,” Rains says.

Microsoft has been trying to boost rates of antivirus software adoption in Canada for years, Microsoft Canada’s Chief Technology Officer said in another presentation at Sector. He points to the education site GetCyberSafe.ca launched in October 2011.

“We’re still seeing people run without antivirus,” he says. “We’re still treating their phones like flip phones, not like the computer that it is.”

Other malware problems more prominent in Canada compared to elsewhere in the world include some types of malicious Web sites.

  • Canadian computers were found to host phishing Web sites at a rate of 4.85 computers per 1,000, compared to a worldwide average of 4.24 computers per thousand. Phishing sites aim to steal user information, often by fraudulently posing as a legitimate Web site like a bank.
  • In Canada, there are 1.41 drive-by download attacks per 1,000 URLs, compared to 1.12 per thousand elsewhere in the world. This typically involves what may be a legitimate Web site that has been hacked so that malware piggybacks on data being downloaded by users.
