The top security threat in enterprise environments during the first half of the year was the Conficker worm, Microsoft says in its Security Intelligence Report (SIRv7), which covers the first six months of 2009.
The above map illustrates the infection rates of locations around the world, expressed in a metric called CCM that represents the number of computers cleaned per thousand executions of the Malicious Software Removal Tool. Source: Microsoft SIRv7 Report
In the SIRv7 report, Microsoft states that the number of worm infections in enterprise environments doubled from the last half of 2008 through the first half of 2009. This allowed worms to rise from the fifth most commonly encountered threat category to second.
Microsoft’s SmartScreen Filter has helped determine that the proportion of Miscellaneous Potentially Unwanted Software detected rose from 35% in the second half of 2008 to 44% in the first half of 2009. Based on statistics in the SIRv7 report, Microsoft’s self-assessment is that its security measures are stopping malware before it gets downloaded.
Network Behavior Analysis
Companies can benefit from a solution that provides additional "homeland security" measures for the internal network. Intelligent use of NetFlow can be effective at detecting odd traffic patterns and stopping the spread of worms across internal networks. Flow Analytics from Plixer ships with dozens of algorithms that detect malware such as botnets, worms, and other threats. While antivirus solutions help catch infections on computers, Flow Analytics looks for problems that are already underway on the internal network (e.g. DDoS, network scans, and other nefarious activity).
Scrutinizer with Flow Analytics is one of the few NetFlow and sFlow solutions that combine network traffic analysis with continuous network behavior monitoring. Because IDS or IPS devices usually monitor only Internet connections, Scrutinizer can be used to monitor for worms and other malicious traffic patterns on all network connections that can export NetFlow and sFlow.
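To illustrate the kind of flow-based check described above (network scans and worm spread on the internal network), here is an added example; it is not Plixer's Flow Analytics algorithm and not code from the original post. It flags internal hosts that open short flows to many distinct internal peers on one port within a time window. The record layout, the `10.0.0.0/8` internal range, the thresholds and the sample flows are all assumptions constructed for the example.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")  # assumed internal address range
FANOUT_THRESHOLD = 20                # assumed: distinct peers per window
WINDOW = 60                          # assumed window length in seconds
MAX_PROBE_PACKETS = 3                # assumed: probe flows carry few packets

def find_fanout_hosts(flows, threshold=FANOUT_THRESHOLD, window=WINDOW):
    """Return {(src, dport, window_start): distinct_dst_count} for internal
    sources whose short flows reach `threshold` or more internal peers on
    one destination port inside a single window.

    Each flow is (first_seen_ts, src_ip, dst_ip, dst_port, packets), a
    reduced view of the fields a NetFlow/sFlow collector stores."""
    peers = defaultdict(set)
    for ts, src, dst, dport, packets in flows:
        # East-west traffic only: perimeter IDS/IPS never sees these flows.
        if ip_address(src) not in INTERNAL or ip_address(dst) not in INTERNAL:
            continue
        # Long flows are established sessions, not probes.
        if packets > MAX_PROBE_PACKETS:
            continue
        bucket = ts - ts % window
        peers[(src, dport, bucket)].add(dst)
    return {k: len(v) for k, v in peers.items() if len(v) >= threshold}

def sample_flows():
    """Constructed sample data, not captured traffic."""
    flows = []
    # One workstation touching 40 hosts on TCP 445 (SMB) with 2-packet flows.
    for i in range(1, 41):
        flows.append((i, "10.0.1.23", f"10.0.2.{i}", 445, 2))
    # Thirty clients with long sessions to one file server: many sources,
    # one destination, so no single source fans out.
    for i in range(1, 31):
        flows.append((i, f"10.0.3.{i}", "10.0.0.5", 445, 120))
    # An ordinary client: file server, internal DNS, one external site.
    flows += [
        (5, "10.0.1.50", "10.0.0.5", 445, 80),
        (6, "10.0.1.50", "10.0.0.9", 53, 2),
        (7, "10.0.1.50", "203.0.113.10", 443, 30),
    ]
    return flows

if __name__ == "__main__":
    for (src, dport, start), n in find_fanout_hosts(sample_flows()).items():
        print(f"{src} reached {n} internal hosts on port {dport} "
              f"in the window starting at t={start}s")
```

In production the threshold needs tuning per network, since vulnerability scanners, monitoring systems and some backup servers legitimately fan out and belong on an allowlist.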