Password Stealers are Top Threats in China and Brazil

On July 14, the MMPC added another fake security software program (rogue), Win32/FakeSpyPro, to the MSRT release. As of July 29, MSRT removal of FakeSpyPro had been reported from 187,258 machines worldwide. Rogues continue to be disruptive worldwide. Three families (FakeSpyPro, InternetAntivirus and FakeXPA) that feature in the following list of top threats worldwide reported by MSRT are rogues.

Worldwide			China			Brazil
Family	Threats	Machines Cleaned	Family	Threats	Machines Cleaned	Family	Threats	Machines Cleaned
Taterf	460,015	392,821	Ceekat	33,893	32,165	Bancos	73,930	61,646
Renos	320,355	223,417	Frethog	12,429	11,211	Taterf	25,569	23,522
Koobface	370,744	200,364	Lolyda	16,464	10,955	Banker	22,510	19,426
FakeSpypro	187,258	185,229	Hupigon	11,002	10,398	Banload	20,609	16,923
Alureon	166,563	148,945	Parite	15,991	8,296	Frethog	14,721	13,591
Rbot	150,103	143,565	RJump	7,811	4,850	Rbot	11,527	11,067
InternetAntivirus	137,171	134,050	Rbot	4,646	4,522	Cutwail	7,650	4,795
Frethog	137,819	127,570	Corripio	3,039	2,489	Zlob	3,895	3,728
FakeXPA	100,170	95,965	Zuten	2,795	2,439	Virut	5,322	3,689
Zlob	90,981	84,752	Brontok	1,929	1,901	Renos	5,559	3,485

* Password stealers in italics

Data from countries such as China and Brazil shows a different threat landscape, however. None of these rogues were seen in the top threats detected in either China or Brazil. Additionally:

Five of the top threat families in China are online game PWS. They are Ceekat, Frethog, Lolyda, Corripio and Zuten. Only one of them, Frethog, is in the top detected threats list worldwide. This may be explained by the fact that massively multiplayer online role-playing game (MMORPG) are extremely popular in China.
Three of the top detected families, Bancos, Banker and Banload in Brazil are online banking PWS, none of which are in the most detected threat list worldwide. This indicates that criminals continue to see value and therefore continue to invest in targeting online banking sites in Brazil (even though these PWS appeared in the wild more than four years ago).
Hupigon is very prevalent in China while not seen as much worldwide. It is a complicated backdoor that employs stealth and contains keylogging and PWS payloads.
Taterf and Frethog are the two MMORPG PWS that are prevalent in Brazil and also prevalent worldwide. Games such as Rainbow Island, Cabal Online, Lineage, MapleStory, Legend of Mir, World Of Warcraft, etc. targeted by these threats have a large fan base worldwide, apparently including Brazil.

Refer to this list to obtain and install a full AV product for your computer to get protected from these PWS threats.

--Scott Wu

Microsoft Malware Protection Center

Microsoft Safety Scanner

Microsoft Security Response Center

Microsoft Security Essentials

Microsoft Forefront

Windows Defender

Microsoft AntiSpam

ICSA Labs

Virus Bulletin

West Coast Labs

AV-Test

AV-Comparatives

Forefront Client Security Team Blog

Forefront Team Blog

Microsoft Security Research & Defense Blog

The Microsoft Security Response Center Blog

Trustworthy Computing Blog

Microsoft Malware Protection Center

Microsoft Security Intelligence Report

Password Stealers are Top Threats in China and Brazil