An in-depth perspective on software

vulnerabilities and exploits, malware,

potentially unwanted software, and
malicious websites

Microsoft Security Intelligence Report

Volume 14

July through December, 2012

This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR
STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT.

This document is provided “as-is.” Information and views expressed in this document, including URL and other Internet
website references, may change without notice. You bear the risk of using it.

Copyright © 2013 Microsoft Corporation. All rights reserved.

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
Argentina
The global threat landscape is evolving. Malware and potentially unwanted
software have become more regional, and different locations around the world
exhibit different threat patterns.

The statistics presented here are generated by Microsoft security programs and
services running on computers in Argentina in 4Q12 and previous quarters. This
data is provided from administrators or users who choose to opt in to provide
data to Microsoft, using IP address geolocation to determine country or region.
Infection rate statistics for Argentina

Metric 1Q12 2Q12 3Q12 4Q12

Computers cleaned per 1,000 MSRT

8.7 7.2 6.5 5.7
executions (CCM)
Worldwide average CCM 6.6 7.0 5.3 6.0

See the Security Intelligence Report website at www.microsoft.com/sir for more

information about threats in Argentina and around the world, and for
explanations of the methods and terms used here.

July–December 2012 1
 Infection trends (CCM)
The MSRT detected malware on 5.7 of every 1,000 computers scanned in Argentina in 4Q12 (a
CCM score of 5.7, compared to the 4Q12 worldwide average CCM of 6.0). The following figure
shows the CCM trend for Argentina over the last six quarters, compared to the world as a whole.
CCM infection trends in Argentina and worldwide

10.0
Worldwide
Computers cleaned per 1,000 scanned (CCM)

9.0
Argentina
8.0

7.0

6.0

5.0

4.0

3.0

2.0

1.0

0.0
3Q11 4Q11 1Q12 2Q12 3Q12 4Q12

2 Microsoft Security Intelligence Report, Volume 14

Threat categories
Malware and potentially unwanted software categories in Argentina in 4Q12, by percentage of computers reporting detections

Argentina Worldwide

40%
Column1
Percent of computers reporting detections

35%
Argentina
30%
25%
20%
15%
10%
5%
0%

 The most common category in Argentina in 4Q12 was Miscellaneous

Potentially Unwanted Software. It affected 32.6 percent of all computers with
detections there, down from 33.0 percent in 3Q12.
 The second most common category in Argentina in 4Q12 was Adware. It
affected 31.3 percent of all computers with detections there, up from 18.0
percent in 3Q12.
 The third most common category in Argentina in 4Q12 was Worms, which
affected 29.0 percent of all computers with detections there, down from
32.9 percent in 3Q12.

July–December 2012 3
 Threat families
The top 10 malware and potentially unwanted software families in Argentina in 4Q12

% of computers
Family Most significant category
with detections
1 Win32/DealPly Adware 25.3%
2 Win32/Dorkbot Worms 14.7%
3 Win32/Keygen Misc. Potentially Unwanted Software 12.3%
4 INF/Autorun Misc. Potentially Unwanted Software 8.5%
5 Win32/Conficker Worms 5.6%
6 Win32/Obfuscator Misc. Potentially Unwanted Software 3.9%
7 ASX/Wimad Trojan Downloaders & Droppers 3.5%
8 JS/IframeRef Misc. Trojans 3.3%
9 Win32/Sality Viruses 3.0%
10 Win32/OpenCandy Adware 2.9%

 The most common threat family in Argentina in 4Q12 was Win32/DealPly,

which affected 25.3 percent of computers with detections in Argentina.
Win32/DealPly is adware that displays offers related to the user’s web
browsing habits. It may be bundled with certain third-party software
installation programs.
 The second most common threat family in Argentina in 4Q12 was
Win32/Dorkbot, which affected 14.7 percent of computers with detections in
Argentina. Win32/Dorkbot is a worm that spreads via instant messaging and
removable drives. It also contains backdoor functionality that allows
unauthorized access and control of the affected computer. Win32/Dorkbot
may be distributed from compromised or malicious websites using PDF or
browser exploits.
 The third most common threat family in Argentina in 4Q12 was
Win32/Keygen, which affected 12.3 percent of computers with detections in
Argentina. Win32/Keygen is a generic detection for tools that generate
product keys for various software products.
 The fourth most common threat family in Argentina in 4Q12 was
INF/Autorun, which affected 8.5 percent of computers with detections in
Argentina. INF/Autorun is a family of worms that spreads by copying itself to
the mapped drives of an infected computer. The mapped drives may
include network or removable drives.

4 Microsoft Security Intelligence Report, Volume 14

Malicious websites
Attackers often use websites to conduct phishing attacks or distribute malware.
Malicious websites typically appear completely legitimate and often provide no
outward indicators of their malicious nature, even to experienced computer
users. In many cases, these sites are legitimate websites that have been
compromised by malware, SQL injection, or other techniques, in an effort by
attackers to take advantage of the trust users have invested in them. To help
protect users from malicious webpages, Microsoft and other browser vendors
have developed filters that keep track of sites that host malware and phishing
attacks and display prominent warnings when users try to navigate to them.

Web browsers such as Windows Internet Explorer and search engines such as
Bing use lists of known phishing and malware hosting websites to warn users
about malicious websites before they can do any harm. The information
presented in this section has been generated from telemetry data produced by
Internet Explorer and Bing. See the Microsoft Security Intelligence Report website
for more information about these protections and how the data is collected.

To provide a more accurate perspective on the phishing and malware

landscape, the methodology used to calculate the number of Internet hosts in
each country or region has been revised. For this reason, the statistics presented
here should not be directly compared to findings in previous volumes.

Malicious website statistics for Argentina

Metric 3Q12 4Q12

Phishing sites per 1,000 hosts 13.24 9.40

(Worldwide) (5.41) (5.10)
Malware hosting sites per 1,000 hosts 17.72 16.30
(Worldwide) (9.46) (10.85)
Drive-by download per 1,000 URLs 0.35 0.32
(Worldwide) (0.56) (0.33)

July–December 2012 5
One Microsoft Way
Redmond, WA 98052-6399
microsoft.com/security