By continuing to include new variants of existing threat families, the MSRT removed malware from more than 1.5 million machines within three days of its release on 10 November. This month we've also added Win32/FakeVimes and Win32/PrivacyCenter to the MSRT detection and have removed these new rogues from more than 110,000 machines.

Many of the top threat families will be familiar if you have read our previous blog posts or our recently published Security Intelligence Report.

  • Of these prevalent threat families worldwide, 8 are password stealers that collect online game credentials, online banking passwords or other identities tied to users' online accounts.
  • 8 of them are fake security products or trojan downloaders for rogues.  The MSRT now covers the following most high profile rogues
  • 5 are trojan downloaders or droppers, a threat category which is often an infection vector to deliver drive-by malware to the victims’ computers.
  • Win32/Koobface is still in the top 25, though it has dropped out of the top 10. Online social network sites such as Facebook continue to strengthen their security hardening to protect their customers, and we welcome their actions.
  • Win32/Zlob has dropped out of the list in recent months after being extremely prevalent for almost three years. In our Oct 2008 and Jan 2009 blog posts we observed that the Zlob authors appeared to have moved elsewhere.

| Family | Computers Cleaned | Most Significant Category | Notes |
|---|---|---|---|
| Taterf | 239,870 | Worms | online game PWS |
| Alureon | 141,358 | Miscellaneous Trojans | data stealing trojans modifying DNS settings |
| Bancos | 138,803 | Password Stealers & Monitoring Tools | Brazil online banking PWS |
| Renos | 115,970 | Trojan Downloaders & Droppers | AV rogues downloaders |
| FakeXPA | 96,466 | Miscellaneous Trojans | AV rogues |
| Yektel | 90,982 | Trojan Downloaders & Droppers | AV rogues |
| FakeVimes | 78,749 | Miscellaneous Trojans | AV rogues |
| Cutwail | 78,161 | Trojan Downloaders & Droppers | Spambot |
| FakeSpypro | 57,534 | Miscellaneous Trojans | AV rogues |
| Frethog | 54,764 | Password Stealers & Monitoring Tools | online game PWS |
| Bredolab | 48,323 | Trojan Downloaders & Droppers | mass downloader |
| IRCbot | 40,259 | Backdoors | old spambot with traditional C&C |
| Vundo | 38,481 | Miscellaneous Trojans | adware downloaders |
| Koobface | 36,300 | Worms | web2.0 worm targets social networking sites |
| Brontok | 35,531 | Worms | mass-mailing e-mail worms |
| PrivacyCenter | 34,726 | Miscellaneous Trojans | AV rogues |
| Banker | 28,293 | Password Stealers & Monitoring Tools | Brazil online banking PWS |
| Banload | 25,166 | Password Stealers & Monitoring Tools | Brazil online banking PWS |
| Jeefo | 23,887 | Viruses | parasitic file-infector virus |
| Virut | 22,549 | Viruses | viruses evolved with backdoor behaviors |
| FakeRean | 20,603 | Miscellaneous Trojans | AV rogues |
| FakeScanti | 20,222 | Miscellaneous Trojans | AV rogues |
| Parite | 20,076 | Viruses | Prevalent viruses in Asia |
| Lolyda | 19,210 | Password Stealers & Monitoring Tools | online game PWS |
| RJump | 18,452 | Worms | Worm targeting removable devices |

As usual we encourage you to run Microsoft Security Essentials, which contains the full AV signature set from the MMPC, or another reputable AV product, to protect your internet activities.

Scott Wu -- MMPC