Wednesday, May 20, 2009 4:15 PM by mmpc
860,000 Computers Cleaned from Password Stealer Infections in One Week
This month’s MSRT shows the following top ten most prevalent threat families as of May 19. The newly added and blogged rogue family, Win32/Winwebsec, is ranked at #17 with 34,792 infected machines.
| Family | Most Significant Category | Detections | Infected Machines | Ranking change |
|---|---|---|---|---|
| Win32/Taterf | Worms | 347,424 | 343,515 | = |
| Win32/Alureon | Miscellaneous Trojans | 256,998 | 248,341 | + |
| Win32/Frethog | Password Stealers and Monitoring Software | 96,922 | 95,581 | - |
| Win32/Bancos | Password Stealers and Monitoring Software | 97,389 | 92,565 | + |
| Win32/Koobface | Worms | 79,993 | 78,113 | + |
| Win32/Renos | Trojan Downloaders and Droppers | 76,304 | 75,118 | = |
| Win32/Cutwail | Trojan Downloaders and Droppers | 95,726 | 74,400 | - |
| Win32/Vundo | Miscellaneous Trojans | 67,322 | 65,233 | + |
| Win32/Virut | Viruses | 78,896 | 53,995 | + |
| Win32/Lolyda | Password Stealers and Monitoring Software | 54,871 | 51,050 | + |

A few key takeaways from this telemetry:
- Of the top 10 threat families, six moved higher in the ranking compared to last month. Some of these six, such as Alureon and Vundo, have been around for more than two years, while others, such as Koobface (refer to the recent MMPC Koobface blog), have only been seen in the ecosystem for several months. This indicates that each threat has its own lifecycle, and it appears that malware authors are sometimes willing to reinvest in their existing distributions instead of moving elsewhere.
- Three of the top 10 are password stealer threats. In fact there are five if you count the two worms, Taterf and Koobface, both of which have a critical payload of stealing user data. Or consider it six: the Alureon trojan goes after users’ passwords and credit information as well. Taken together, 859,842 machines were infected by password stealer threats, counting only the top 10 threats. Note that this is not a direct sum, since some machines were infected by more than one of these threats.
- Renos continues to be high on the list and is a major distribution channel for fake antivirus programs.
- Cutwail drops slightly but stays in the top 10. This is a spambot that we’ve discussed in different venues, including the recent Waledac blog.
So, not much of a surprise, but worth taking note: identity theft, rogues and spammers dominate the top 10. Criminals are going after your wallet, especially during this recession. Be safe. Make sure you have a firewall and an AV product installed on your system.
Scott Wu