Microsoft: IT vulnerabilities down, threats deadlier

Threats rise even though reported vulnerabilities drop

IT threats are continuing to rise, although the number of disclosed vulnerabilities tailed off in the last six months of 2007, according to new research from Microsoft launched at today's Infosecurity Europe event.

The firm's Security Intelligence Report uses data captured by Microsoft Windows Defender and the Microsoft Malicious Software Removal Tool (MSRT) over the last six months.

The disclosure of new vulnerabilities dropped by 15% in the last six months of 2007, while the amount of malware removed from computers by the MSRT was 40 per cent higher. Instances of trojan malware rocketed by 300 per cent.

The number of potentially unwanted applications – such as spyware and adware – jumped by 67 per cent to 129.5 million pieces.

"The criminals are clearly focusing on getting Trojans to download on PCs – it's the lynchpin to starting the process of gaining access," explained Vinny Gullotto, general manager of Microsoft's Malware Response Centre. "The sheer volume of threats we're seeing globally coming into the labs is staggering."

The report also claimed that newer Microsoft products are at less risk from these threats: MSRT proportionally cleaned malware from 60 per cent less Windows
Vista-based computers compared to computers running Windows XP Service Pack 2.