not sure, but i have long been predicting a renaissance for self-replicative malware – the economy of effort is just too tempting for the practice to stay out of favour.

“# page 9: “Computers in enterprise environments (those running Microsoft Forefront™ Client
Security) were much more likely to encounter worms during 1H09 than home computers
running Windows Live™ OneCare™.” Again I wonder if this is an anomaly of better detection techniques.
# page 9: Conficker is top threat with enterprises and not in top ten with consumers. Is this because Conficker targets enterprises or simply because consumers have many other threats that are well-controlled in enterprises?”

one word – patching. enterprises are much less likely to leave automatic updates turned on. as a result vulnerabilities stay unpatched longer in those environments and worms exploiting those vulnerabilities spread better.

“page 12: “Compromised servers acting as exploit servers can have massive reach; one exploit server can be responsible for hundreds of thousands of infected Web pages.” I would not have characterized the number of affected web pages on a single server as “reach”. Am I reading this wrong?”

i wouldn’t characterize it that way either. perhaps the affected webpage stat is to demonstrate *how* such a reach could be accomplished.