Microsoft Now Using IP Address to Map Malware Infections
Microsoft has a new way of determining the geolocation of systems infected with malware, and it had subtle but relevant effects on the 11th volume of the Microsoft Security Intelligence Report. It’s a novel concept: instead of relying on an administrator-specified setting that anyone with hands and a mouse can change, Microsoft is now relying on IP addresses.
When Microsoft compared the results of the 11th Microsoft Security Intelligence Report using both the new IP address method and the old administrator-specified method, it found that very few locations saw a decrease in infection rates from the old method to the new, according to a post on TechNet. In fact, the only locations that saw decreases were Taiwan, Spain, Russia, the United States, and France; the languages spoken in these countries (Chinese, Spanish, Russian, English, and French, respectively) represent five of the most popular languages on the Internet.
On the other hand, a number of locations, mostly places with small populations, saw significant increases in malware detection rates. Microsoft’s director of trustworthy computing, Tim Rains, isn’t claiming that computer administrators, malicious or otherwise, are altering the settings to skew the results of the Microsoft Security Intelligence Report, but rather that in smaller countries (let’s use one in which Spanish is the primary language, other than Spain, as an example) the administrators may be configuring the locale settings to reflect language origin rather than actual location. In this case, that would mean choosing Spain as the location when the user actually lives in Equatorial Guinea. The result would be that any malware infections taking place in that country would be reported as having occurred in Spain. Hence, when the IP address method is used instead, a small Spanish-speaking country’s malware rates go up and Spain’s go down.
Of course, IP addresses can be spoofed, but that is more difficult and (probably) less common than users choosing incorrect locale settings in Windows for whatever reason.
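The attribution shift described above, worked through on constructed numbers. This is an added example, not taken from the Microsoft report: the address ranges, the country mapping and the infection counts are all invented for illustration, and the small lookup table stands in for a real geolocation database.

```python
import ipaddress
from collections import Counter

# Constructed stand-in for a GeoIP database: documentation-only ranges
# (RFC 5737) mapped to country codes purely for this illustration.
GEOIP = {
    ipaddress.ip_network("192.0.2.0/24"): "ES",
    ipaddress.ip_network("198.51.100.0/24"): "GQ",
}

def country_from_ip(ip):
    """Return the country code for an address, or 'unknown' if unmapped."""
    addr = ipaddress.ip_address(ip)
    for net, cc in GEOIP.items():
        if addr in net:
            return cc
    return "unknown"

def make_reports():
    """Constructed telemetry rows: (locale_setting, source_ip, infected)."""
    reports = []
    # 1000 machines in Spain with locale ES, 10 of them infected.
    reports += [("ES", "192.0.2.10", i < 10) for i in range(1000)]
    # 150 machines in Equatorial Guinea configured with locale ES, 30 infected.
    reports += [("ES", "198.51.100.20", i < 30) for i in range(150)]
    # 50 machines in Equatorial Guinea configured with locale GQ, 2 infected.
    reports += [("GQ", "198.51.100.30", i < 2) for i in range(50)]
    return reports

def rates_per_1000(reports, locate):
    """Infections per 1000 reporting machines, grouped by locate(report)."""
    machines, infected = Counter(), Counter()
    for rep in reports:
        cc = locate(rep)
        machines[cc] += 1
        infected[cc] += rep[2]  # True counts as 1
    return {cc: round(1000 * infected[cc] / machines[cc], 1) for cc in machines}

def compare(reports):
    """Map country -> (rate by locale setting, rate by source IP)."""
    by_locale = rates_per_1000(reports, lambda r: r[0])
    by_ip = rates_per_1000(reports, lambda r: country_from_ip(r[1]))
    countries = sorted(set(by_locale) | set(by_ip))
    return {cc: (by_locale.get(cc), by_ip.get(cc)) for cc in countries}

if __name__ == "__main__":
    for cc, (old, new) in compare(make_reports()).items():
        print(f"{cc}: locale-based {old}/1000 -> IP-based {new}/1000")
```

Because both the infected machines and the total machine count move between countries, the direction of the change depends on how the misattributed machines' infection rate compares with the rate of the country they were wrongly counted under.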



