The MSRT added the following threat families in 2H08. Rogues and botnet malware were the focus during those six months.

| New Family | Note | Added in | Computers Cleaned by the MSRT in 2H08 |
|---|---|---|---|
| Win32/Horst | CAPTCHA breaking threat | July | 235,318 |
| Win32/Matcash | Downloader | August | 217,610 |
| Win32/Slenfbot | IRC bot | September | 598,178 |
| Win32/Rustock | Rootkit spam bot | October | 183,858 |
| Win32/FakeSecSen | Rogue AV | November | 1,205,329 |
| Win32/FakeXPA | Rogue AV | December | 460,931 |
| Win32/Yektel | Rogue AV | December | 201,635 |

This cleaning tool is deployed to 450 million Windows machines every month through Windows Update (WU) and Automated Update (AU). It is one of the major data sources for the Security Intelligence Report (SIR). At Microsoft, when deciding which new threat families the MSRT should include, we analyze each threat's prevalence and its impact on the ecosystem, on Windows users and on our partners. In 2009 we added Banload, Conficker, Srizbi, Koobface and Waledac to the MSRT. We also take requests from our colleagues in the industry, as Jeff Williams mentioned in his Koobface blog, where the recent cooperation with Facebook was a good success.

MSRT is not the only data source for the SIR. Combining MSRT with other Microsoft products and tools, Microsoft observed the following top 25 threat families worldwide. Besides the rogue-related threat families, online game password stealers (PWS) are also very notable on the list: Taterf, Frethog, Lolyda and Tilcun are all game PWS.

For more information about malware and potentially unwanted software, or other Microsoft security intelligence, please visit www.microsoft.com/SIR

--Scott Wu