21.09.2012 17:03
Spikes in Austrian CCM number in Q4/2011
Microsoft's Security Intelligence Report 12 uses the computers cleaned per mille (CCM) metric to compare infection rates over time and between countries. This is, of course, not a perfect measurement of the actual infection rates due to a number of factors, but it is nevertheless an interesting data point.

Austria usually sports quite a low CCM score, but during Q4 2011 something strange happened: there was a clear upward spike. So we wondered what happened to Austria (as well as to some of our neighbors).

There seem to be various factors playing together:
- The online banking gangs (using SpyEye, ZeuS, Ice-IX, Citadel, Torpig, ...) seem to be focussing on specific banks (and countries) at each point in time. Once they have the web-injects and the money-mules lined up, they use shady services to buy either installs or web-traffic on a by-country basis. Given the effectiveness of exploit-packs, web-traffic can easily be turned into zombies.
- MSRT added detection for SpyEye in October 2011, causing spikes in CCM in those countries that experienced active SpyEye campaigns at that time.
- SpyEye has been supplanted by other banking malware, and MSRT might not be covering all of it.