If you remember our MSRT-related blog post from a few days ago (and if not, just scroll down a bit), we informed you that in this month’s free removal tool we would be adding Win32/Rimecud to our list of prevalent malware targeted for removal. We even speculated about a possible connection between it and last month’s addition, Win32/Hamweq. This led us to believe that, given the high detection rate of Win32/Hamweq, we would have a new leader for January’s run of the removal tool. Not to our surprise, this actually happened.

Take a look at our 3-day-run top 20 families chart:

| Position | Machine Count | Family | Notes |
|---|---|---|---|
| 1 | 488,090 | Rimecud | Worm targeting removable drives and instant messaging with backdoor functionality. |
| 2 | 274,678 | Hamweq | Worm targeting removable drives, and IRC controlled backdoor |
| 3 | 237,158 | Taterf | Worm targeting network/removable drives, and online game PWS |
| 4 | 169,562 | Renos | Rogue antivirus downloader |
| 5 | 124,572 | Alureon | Data stealing malware that changes DNS settings |
| 6 | 116,466 | Conficker | Network worm and malware downloader |
| 7 | 90,586 | Bredolab | Downloader of numerous malware components |
| 8 | 85,777 | Bancos | Password Stealer targeting predominantly Brazilian banks |
| 9 | 85,534 | FakeSpypro | Rogue antivirus |
| 10 | 85,018 | FakeXPA | Rogue antivirus |
| 11 | 68,942 | Yektel | Rogue antivirus component related to FakeXPA |
| 12 | 62,250 | IRCbot | IRC controlled backdoor |
| 13 | 61,602 | Cutwail | Multiple component downloader and spammer |
| 14 | 45,972 | Brontok | Mass emailing worm |
| 15 | 39,820 | Frethog | Online game password stealer related to Taterf |
| 16 | 36,637 | PrivacyCenter | Rogue antivirus |
| 17 | 25,931 | Winwebsec | Rogue antivirus |
| 18 | 24,795 | Parite | File infecting virus |
| 19 | 24,588 | Jeefo | File infecting virus |
| 20 | 24,207 | FakeVimes | Rogue antivirus |

According to the table above, first-ranked Win32/Rimecud had almost twice as many removals as second-ranked Win32/Hamweq. Below is a chart of the top ten locales where Rimecud was found and cleaned:

From the table you can also notice that Taterf and Renos maintain a high profile while Conficker dropped in numbers slightly. Another family that declined in removals this month is Cutwail, from 6th to 13th position.

As usual, rogues are also present with FakeSpypro maintaining the 9th position as in December’s report, while FakeXPA dropped in removal numbers from 5th to 10th place. As an important note, we see PrivacyCenter as 16th in the list (it wasn't even a top family last month), ahead of Winwebsec, which had a moderate increase in numbers.

Please keep protecting yourself by running Microsoft Security Essentials, or any other reputable antivirus solution.

Marian Radu
MMPC Dublin