On July 14, the MMPC added another fake security software program (rogue), Win32/FakeSpyPro, to the MSRT release. As of July 29, MSRT removal of FakeSpyPro had been reported from 187,258 machines worldwide. Rogues continue to be disruptive worldwide. Three families (FakeSpyPro, InternetAntivirus and FakeXPA) that feature in the following list of top threats worldwide reported by MSRT are rogues.

| Worldwide: Family | Threats | Machines Cleaned | China: Family | Threats | Machines Cleaned | Brazil: Family | Threats | Machines Cleaned |
|---|---|---|---|---|---|---|---|---|
| Taterf | 460,015 | 392,821 | Ceekat | 33,893 | 32,165 | Bancos | 73,930 | 61,646 |
| Renos | 320,355 | 223,417 | Frethog | 12,429 | 11,211 | Taterf | 25,569 | 23,522 |
| Koobface | 370,744 | 200,364 | Lolyda | 16,464 | 10,955 | Banker | 22,510 | 19,426 |
| FakeSpypro | 187,258 | 185,229 | Hupigon | 11,002 | 10,398 | Banload | 20,609 | 16,923 |
| Alureon | 166,563 | 148,945 | Parite | 15,991 | 8,296 | Frethog | 14,721 | 13,591 |
| Rbot | 150,103 | 143,565 | RJump | 7,811 | 4,850 | Rbot | 11,527 | 11,067 |
| InternetAntivirus | 137,171 | 134,050 | Rbot | 4,646 | 4,522 | Cutwail | 7,650 | 4,795 |
| Frethog | 137,819 | 127,570 | Corripio | 3,039 | 2,489 | Zlob | 3,895 | 3,728 |
| FakeXPA | 100,170 | 95,965 | Zuten | 2,795 | 2,439 | Virut | 5,322 | 3,689 |
| Zlob | 90,981 | 84,752 | Brontok | 1,929 | 1,901 | Renos | 5,559 | 3,485 |

* Password stealers in italics

Data from countries such as China and Brazil shows a different threat landscape, however. None of these rogues were seen in the top threats detected in either China or Brazil. Additionally:

  • Five of the top threat families in China are online game PWS. They are Ceekat, Frethog, Lolyda, Corripio and Zuten. Only one of them, Frethog, is in the top detected threats list worldwide. This may be explained by the fact that massively multiplayer online role-playing games (MMORPGs) are extremely popular in China.
  • Three of the top detected families in Brazil (Bancos, Banker and Banload) are online banking PWS, none of which are in the most detected threat list worldwide. This indicates that criminals continue to see value in targeting online banking sites in Brazil, and therefore continue to invest in it, even though these PWS appeared in the wild more than four years ago.
  • Hupigon is very prevalent in China while not seen as much worldwide. It is a complicated backdoor that employs stealth and contains keylogging and PWS payloads.
  • Taterf and Frethog are the two MMORPG PWS that are prevalent in Brazil and also prevalent worldwide. The games targeted by these threats, such as Rainbow Island, Cabal Online, Lineage, MapleStory, Legend of Mir and World of Warcraft, have a large fan base worldwide, apparently including Brazil.

Refer to this list to obtain and install a full AV product for your computer to get protected from these PWS threats.

--Scott Wu