As of October 21st, the MSRT has removed the newly added threat, Win32/FakeScanti, from 56,700 infected machines. For this month, it was the 12th most prevalent threat family worldwide and 7th in the US. Overall, the MSRT has cleaned 2,516,235 machines this month of all kinds of malware infections.

We all know the threat landscape is not homogeneous across geographic regions. Let’s take a look at the US, China, and Brazil as a case study.

| US Family | US Threats | US Machines Cleaned | China Family | China Threats | China Machines Cleaned | Brazil Family | Brazil Threats | Brazil Machines Cleaned |
|---|---|---|---|---|---|---|---|---|
| Alureon | 147,387 | 117,351 | Lolyda | 77,781 | 72,863 | Taterf | 72,464 | 70,069 |
| Taterf | 121,988 | 116,217 | Frethog | 21,927 | 20,042 | Bancos | 67,577 | 59,414 |
| FakeXPA | 108,026 | 103,578 | Ceekat | 9,440 | 8,767 | Frethog | 33,455 | 32,009 |
| Renos | 69,147 | 55,461 | Conficker | 8,899 | 8,427 | Banker | 27,421 | 26,420 |
| FakeRean | 78,067 | 53,376 | Hupigon | 5,127 | 4,879 | Conficker | 19,664 | 18,398 |
| Yektel | 52,259 | 51,061 | Parite | 7,518 | 4,592 | Banload | 18,617 | 18,121 |
| FakeScanti | 70,120 | 50,260 | RJump | 3,875 | 2,552 | Cutwail | 8,452 | 5,269 |
| Frethog | 51,038 | 49,526 | Brontok | 980 | 969 | Alureon | 3,656 | 3,053 |
| Daurso | 32,205 | 32,150 | Taterf | 1,177 | 963 | Renos | 3,192 | 2,228 |
| Koobface | 43,640 | 27,793 | Corripio | 980 | 855 | IRCbot | 1,929 | 1,874 |
| FakeSpypro | 26,530 | 26,242 | Sdbot | 776 | 770 | Brontok | 1,768 | 1,739 |

Note: Rogues in italics; Password Stealer (PWS) bolded

Some key takeaways:

  • In the US (as well as other English-speaking countries) rogues are predominant. Six of the top ten threat families in the US are rogues or rogue-related trojan downloaders. With so many rogue products popping up on users’ machines, it is a challenge for end users to identify the legitimate AV products.
  • Six of the top ten threat families in China are password stealers, most of which are hunting for online gamers’ credentials.
  • Six of the top ten threat families in Brazil are also password stealers, though a lot of them (Bancos, Banker and Banload) tend to target online banking credentials in Brazil.

We close, as we always do, by urging you to take action and protect yourself. 

Scott Wu