Malware Infection Index 2016 highlights key threats undermining cybersecurity in Asia Pacific: Microsoft Report

Top three encountered malicious software in the region include Gamarue, Skeeyah and Peals

SINGAPORE – 7 JUNE 2016 – Microsoft Asia today announced the launch of its Malware Infection Index 2016 (MII2016), which identifies the key malware threats in the region and ranks markets in Asia Pacific according to how much they are affected.

The top three most encountered malware include Gamarue, a malicious computer worm that is commonly distributed via exploit kits and social engineering; and Skeeyah and Peals which are trojans that try to look innocent to convince you to install them. These malware can steal your personal information, download more malware, or give a malicious hacker access to your PC. The findings are based on data from the Microsoft Malware Protection Center (MMPC) and the Microsoft Security Intelligence Report (SIRv20).

The Asia Pacific region is especially vulnerable with emerging markets most at risk of malware threats. Out of the top five locations across the globe most at risk of infection, a total of four are from the Asia Pacific — Pakistan, Indonesia, Bangladesh and Nepal, topping the rankings at first, second, fourth and fifth places respectively in terms of computers encountering malware.

In fact, the Windows Defender Advanced Threat Hunting team in April reported the discovery of a group of cybercriminals, dubbed PLATINUM, who have actively since 2009 been targeting governmental organizations, defense institutes, intelligence agencies, and telecommunication providers in South and Southeast Asia.

Top markets in Asia Pacific under malware threats:



The Malware Infection Index 2016 revealed the locations with the highest malware encounter rates was Pakistan, followed by Indonesia, Bangladesh, Nepal and Vietnam respectively. Each country had an average of close to 40 percent or more computers encountering malware, compared to the worldwide average of only 20.8 percent, as of 4Q 2015, up from 17.6 percent in 1Q 2015.

1. Pakistan 2. Indonesia 3. Bangladesh 4. Nepal 5. Vietnam 6. Philippines 7. Cambodia 8. India 9. Sri Lanka 10. Thailand 11. Malaysia 12. Singapore 13. Taiwan 14. China 15. Hong Kong 16. Australia/Korea 18. New Zealand 19. Japan

Top Three Encountered Malware in Asia Pacific

The top three most-encountered malware families in the Asia Pacific region were Gamarue, a worm which can give a malicious hacker control of your PC; and Trojans Skeeyah and Peals, which can steal personal information, download more malware or give hackers access to your PC.

Gamarue is particularly prevalent in the ASEAN region and was the third most commonly encountered malware family worldwide in 2H 2015. Certain heavily affected locations such as Indonesia reported Gamarue encounter rates of over 20 percent in 4Q 2015, close to the worldwide encounter rates for all threat families combined for the quarter.

It is commonly distributed via exploit kits and social engineering and has been observed to steal information from the local computer and communicate with command-and-control servers managed by attackers. It is particularly prevalent in Mongolia, with 35 computers infected out of every 1,000 running the Microsoft Malicious Software Removal Tool (MSRT) in 2H 2015.

Trojans Peals and Skeeyah are generic detections for a variety of threats that share certain characteristics. Trojan encounters increased 57 percent from 2Q 2015 to 3Q 2015 and remained at a high through the end of the year, which was attributed to increased encounters with Peals and Skeeyah. They have been observed to download and install other malware, use your computer for click fraud, steal information like usernames and browsing history and give your PC access to a remote malicious hacker.

Keshav Dhakad, regional director, Intellectual Property & Digital Crimes Unit, Microsoft Asia, said, “The rising sophistication and targeted cyberattacks are causing devastating disruption and losses of data and information across all computer and Internet user segments. In fact, it generally takes on average up to 200 days for organizations to find out that they have been victims of cyberattacks.”

“We are noticing that four key common IT environment issues. Firstly, the usage of IT assets which are old, unprotected, or are non-genuine in nature, Secondly, unmanaged and unregulated IT assets usage, procurement and maintenance. Thirdly, poor cyberhygiene of users and negligent employee behaviour inside companies. Fourthly, the inability of the companies to timely monitor, detect and remove modern cyber threats, among others, are some of the common causes for cybercrime risks”

As part of Microsoft’s commitment to building trust in technology in the region, a new Cybersecurity Center (CSC) to advance the fight against cyberthreats was opened in South Korea in March, following a similar launch in Singapore last February. The CSCs drive greater public-private partnerships to fight cybercrime, as well as strengthen the cooperation with local businesses, governmental and academic organizations on cybersecurity. These CSCs are an extension of the Microsoft Cybercrime Center in Redmond, USA, the headquarters of Microsoft Digital Crimes Unit (DCU). The other Satellite Centers in Asia are located in Singapore, Beijing, Tokyo and India.