We follow with much interest the data Microsoft publishes from its Malicious Software Removal Tool (MSRT). The MSRT is an anti-malware program that Windows downloads and runs automatically as part of Microsoft’s normal monthly update cycle. Windows is ubiquitous and therefore a natural target for malware, and with the MSRT busy doing its work on those machines, the resulting data can be a useful insight into malware trends. A recent blog entry from Microsoft’s Malware Protection Center outlined August’s top ten detections from the MSRT:
There are a few interesting things about this table:
The first is the predominance of data stealers, including Taterf, Frethog, Alureon, and Bancos. Stealing data, such as passwords, credit card numbers, and online game credentials, is where all the action is, it seems. A recent report from Panda noted a huge increase over the past year in the number of users affected by malware designed for identity theft. In our own experience here at TRACElabs, we are coming across data-stealing Trojans a lot, including the notable Zbot.
The second is the appearance of Cutwail (aka Pushdo) and Rustock in the top ten. These two malware families comprise the two biggest spamming botnets in terms of spam output measured by TRACElabs. These botnets are the heavy hitters of the spam world and have been so for most of this year. The fact that the MSRT can clean up 100,000 machines from each botnet while spam continues largely unabated says a lot about how large-scale, entrenched, and resilient these systems are. Still, it's great to see the MSRT targeting the spammers – it's one way of trying to keep these botnets in check.
And last, but not least, Koobface makes the list at number six. We first wrote about Koobface a year ago here and here. This high-profile and multi-faceted malware has been observed performing a range of malicious activity, including stealing data and generating “pay-per-click” revenue. It likes to spread by targeting social networking sites such as Twitter, Facebook, MySpace and others. Koobface has recently been active spreading tweets on Twitter with links leading off to fake Facebook landing pages that prompt the visitor to download the Koobface malware itself.
All in all, it's a sorry list of miscreant creations. Kudos to Microsoft for aiming at them and sharing its results.