Firstly, since this data is gathered through MS' "Malicious Software Removal Tool", we are only going to be seeing data from systems that regularly run Windows Update. Almost by definition, those machines are less likely to be afflicted by malware that exploits vulnerabilities, since the purpose of WU is to patch vulnerabilities. Additionally, administrators of systems that regularly run WU are probably more likely than average to take other precautions to harden their systems, such as restrictive firewalling. These effects will result in a seriously biased sample.
Secondly, MyWife/Blackmal/CME-24 is also a social engineering worm! From infected machines it sends out emails with subject lines like "Miss Lebanon 2006" and attachments with enticing names like SeX.zip.scR. The only slightly interesting thing it does is also copy executables to writeable network shares, which might be exploiting a misconfiguration but isn't exactly exploiting a vulnerability. So, here, MS is comparing apples to apples and finding one of the apples is greener. Or redder, or something. It doesn't tell you anything at all about oranges.
Firstly, since this data is gathered through MS' "Malicious Software Removal Tool", we are only going to be seeing data from systems that regularly run Windows Update. Almost by definition, those machines are less likely to be afflicted by malware that exploits vulnerabilities, since the purpose of WU is to patch vulnerabilities. Additionally, administrators of systems that regularly run WU are probably more likely than average to take other precautions to harden their systems, such as restrictive firewalling. These effects will result in a seriously biased sample.
Secondly, MyWife/Blackmal/CME-24 is also a social engineering worm! From infected machines it sends out emails with subject lines like "Miss Lebanon 2006" and attachments with enticing names like SeX.zip.scR. The only slightly interesting thing it does is also copy executables to writeable network shares, which might be exploiting a misconfiguration but isn't exactly exploiting a vulnerability. So, here, MS is comparing apples to apples and finding one of the apples is greener. Or redder, or something. It doesn't tell you anything at all about oranges.
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/newsbriefs/178/860#860