If you remember our MSRT-related blog from a few days ago (and if not, just scroll down a bit), we informed you that in this month’s free removal tool we would be adding Win32/Rimecud to our list of prevalent malware targeted for removal. We even speculated about a possible connection between it and last month’s addition, Win32/Hamweq. This led us to believe that, given the high detection rate of Win32/Hamweq, we would have a new leader for January’s run of the removal tool. Not to our surprise, this actually happened.
Take a look at our 3-day-run top 20 families chart:
| Position | Machine Count | Family | Notes |
|---|---|---|---|
| 1 | 488,090 | Rimecud | Worm targeting removable drives and instant messaging with backdoor functionality. |
| 2 | 274,678 | Hamweq | Worm targeting removable drives, and IRC controlled backdoor |
| 3 | 237,158 | Taterf | Worm targeting network/removable drives, and online game PWS |
| 4 | 169,562 | Renos | Rogue antivirus downloader |
| 5 | 124,572 | Alureon | Data stealing malware that changes DNS settings |
| 6 | 116,466 | Conficker | Network worm and malware downloader |
| 7 | 90,586 | Bredolab | Downloader of numerous malware components |
| 8 | 85,777 | Bancos | Password Stealer targeting predominantly Brazilian banks |
| 9 | 85,534 | FakeSpypro | Rogue antivirus |
| 10 | 85,018 | FakeXPA | Rogue antivirus |
| 11 | 68,942 | Yektel | Rogue antivirus component related to FakeXPA |
| 12 | 62,250 | IRCbot | IRC controlled backdoor |
| 13 | 61,602 | Cutwail | Multiple component downloader and spammer |
| 14 | 45,972 | Brontok | Mass emailing worm |
| 15 | 39,820 | Frethog | Online game password stealer related to Taterf |
| 16 | 36,637 | PrivacyCenter | Rogue antivirus |
| 17 | 25,931 | Winwebsec | Rogue antivirus |
| 18 | 24,795 | Parite | File infecting virus |
| 19 | 24,588 | Jeefo | File infecting virus |
| 20 | 24,207 | FakeVimes | Rogue antivirus |
According to the table above, first-ranked Win32/Rimecud had almost twice as many removals as second-ranked Win32/Hamweq. Below is a chart of the top ten locales where Rimecud was found and cleaned:
From the table you can also notice that Taterf and Renos maintain a high profile while Conficker dropped in numbers slightly. Another family that declined in removals this month is Cutwail, from 6th to 13th position.
As usual, rogues are also present with FakeSpypro maintaining the 9th position as in December’s report, while FakeXPA dropped in removal numbers from 5th to 10th place. As an important note, we see PrivacyCenter as 16th in the list (it wasn't even a top family last month), ahead of Winwebsec, which had a moderate increase in numbers.
Please keep protecting yourself by running Microsoft Security Essentials, or any other reputable antivirus solution.
Marian Radu, MMPC Dublin