On March 10 we released an update to the Malicious Software Removal Tool to add targeting of the Win32/Koobface family. The addition of this threat came out of discussions with the security team at Facebook but this is not the first time we have added a family of malicious software to MSRT on request. We regularly work with CERTs, government agencies, ISPs and companies on threats as part of our outreach activities.

Win32/Koobface falls in as the sixth most common threat removed by MSRT this month.

Rank

Family

Reports

1

Taterf

1,502,160

2

Frethog

649,881

3

Alureon

317,919

4

Vundo

213,643

5

FakeXPA

200,941

6

Koobface

197,970

7

Lolyda

184,835

8

Renos

153,307

Win32/Koobface has impacted systems in locales where English is a primary or secondary language with the greatest frequency – likely due to the social engineering aspect of its propagation which was discussed in Scott Molenkamp’s earlier discussion of this threat.

Locale

%

United States

40.3%

United Kingdom

13.6%

Belgium

9.3%

France

5.8%

Italy

4.4%

Turkey

2.7%

Canada

2.2%

Netherlands

2.0%

Israel

1.6%

Australia

1.6%

Greece

1.5%

Ireland

1.2%

Spain

1.2%

New Zealand

1.0%

All Others

11.3%

The Microsoft Malware Protection Center is committed to our efforts to protect the Internet from malicious software. If you are part of an incident response team working against a threat family that has an impact of this scale and you can quantify the impact with data, feel free contact us through our portal or through the other channels of contact you have with us with your requests. Just as we have partnered with industry to attack the Win32/Conficker threat we welcome partnerships to help respond to other significant threats to the Internet.

--Jeff Williams