SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
NZ dodging malware bullets better than most, new Microsoft report finds
Wed, 1st Feb 2017
FYI, this story is more than a year old

The latest New Zealand results from Microsoft's Security Intelligence Report Volume 21 show that the country is well below the worldwide average when it comes to malware encounter rates, well below other countries in APAC.

In the second quarter of 2016, 11.8% of New Zealand computers encountered malware attacks, compared to the worldwide rate of 20.8%. The malware encounter rate has also been dropping over the past two years, showing that the country is faring well when it comes to avoiding malware attacks.

The number of computers cleaned per mile (CCM) also sits below the worldwide average, coming in at 5.4%. This measure is a rate metric that shows the number of computers cleaned for every 1000 unique computers using the Malicious Software Removal Tool.

Malicious software categories

The report also found that Trojans account for the majority of malicious software categories, mirroring worldwide statistics.

Trojans in New Zealand accounted for 5.5% of all encounters, compared to the worldwide rate of more than 11%.  

Worms were the second-most-encountered malicious software category, accounting for 1.3% of encounters. Downloaders and droppers featured in third place, accounting for 1.2% of encounters.

Amongst the most common malicious software families were the Win32/Dynamer (0.6%), Win32/Xadupi (0.6%) and JS/Axpergle (0.5%).

The Win32/Dynamer is a generic detection for a variety of threats.

Win32/Xadupi is a Trojan that poses as useful applications such as WinZipper or QKSee, but can silently install other malware. It is often installed by browser modifiers Win32/Sasquor and Win32/SupTab.

JS/Axpergle is a detection for the Angler exploit kit, which targets some versions of Internet Explorer, Adobe Flash Player, Java and Silverlight to install malware.

Unwanted software categories

Browser modifiers took out the top spot with 3.4% of encounters, followed by software bundlers (2.5%) and adware (0.9%).

The top unwanted software families include Win32/SupTab (0.7%), Win32/Mizenota (0.7%), Win32/Diplugem (0.7%), Win32/KipodToolsCby (0.6%) and Win32/Sasquor (0.5%).

The Win32/SupTab is a browser modifier that installs itself and changes the browser's default search provider without consent.

The Win32/Mizenota is a software bundler that installs unwanted software alongside genuine installs. It may install Win32/SupTab, Win32/Sasqor, Win32/Smudplu, and others.

The Win32/Diplugem is a browser modifier that installs browser addons without consent. These addons are usually extra ads on webpages and through web search results.

Globally, the highest number of malicious attacks come from malware hosting sites, with 24.28% out of every 1000 internet hosts. Phishing sites also increased to 7.05%, while drive-by downloads accounted for 1%.

The report also found that 90% of New Zealand computers are running up-to-date and real-time security software in 2Q16, slightly higher than the global average.