Wednesday, November 18, 2009 2:05 PM
by mmpc
A Peek at MSRT November Threat Reports
By continuing to include new variants of the existing threat families, the MSRT has removed malware from more than 1.5 million machines three days after its release on 10 November. This month we’ve also added Win32/FakeVimes and Win32/PrivacyCenter to the MSRT detection and have removed these new rogues from more than 110,000 machines.
Many of the top threat families will be familiar if you have read our previous blog posts or our recently published Security Intelligence Report.
- Out of these prevalent threat families worldwide, 8 are password stealers that collect online game credentials, online banking passwords or other identity information for users’ online accounts.
- 8 of them are fake security products or trojan downloaders for rogues. The MSRT now covers the following most high profile rogues
- 5 are trojan downloaders or droppers, a threat category which is often an infection vector to deliver drive-by malware to the victims’ computers.
- Win32/Koobface is still in the top 25, though it has dropped out of the top 10. Online social network sites such as Facebook continue to boost their security hardening to protect their customers, and we welcome their actions.
- Win32/Zlob has dropped out of the list in recent months after being extremely prevalent for almost three years. As we observed in our Oct 2008 blog and Jan 2009 blog, the Zlob authors appeared to move elsewhere.

| Family | Computers Cleaned | Most Significant Category | Notes |
|---|---|---|---|
| Taterf | 239,870 | Worms | online game PWS |
| Alureon | 141,358 | Miscellaneous Trojans | data stealing trojans modifying DNS settings |
| Bancos | 138,803 | Password Stealers & Monitoring Tools | Brazil online banking PWS |
| Renos | 115,970 | Trojan Downloaders & Droppers | AV rogues downloaders |
| FakeXPA | 96,466 | Miscellaneous Trojans | AV rogues |
| Yektel | 90,982 | Trojan Downloaders & Droppers | AV rogues |
| FakeVimes | 78,749 | Miscellaneous Trojans | AV rogues |
| Cutwail | 78,161 | Trojan Downloaders & Droppers | Spambot |
| FakeSpypro | 57,534 | Miscellaneous Trojans | AV rogues |
| Frethog | 54,764 | Password Stealers & Monitoring Tools | online game PWS |
| Bredolab | 48,323 | Trojan Downloaders & Droppers | mass downloader |
| IRCbot | 40,259 | Backdoors | old spambot with traditional C&C |
| Vundo | 38,481 | Miscellaneous Trojans | adware downloaders |
| Koobface | 36,300 | Worms | web2.0 worm targets social networking sites |
| Brontok | 35,531 | Worms | mass-mailing e-mail worms |
| PrivacyCenter | 34,726 | Miscellaneous Trojans | AV rogues |
| Banker | 28,293 | Password Stealers & Monitoring Tools | Brazil online banking PWS |
| Banload | 25,166 | Password Stealers & Monitoring Tools | Brazil online banking PWS |
| Jeefo | 23,887 | Viruses | parasitic file-infector virus |
| Virut | 22,549 | Viruses | viruses evolved with backdoor behaviors |
| FakeRean | 20,603 | Miscellaneous Trojans | AV rogues |
| FakeScanti | 20,222 | Miscellaneous Trojans | AV rogues |
| Parite | 20,076 | Viruses | Prevalent viruses in Asia |
| Lolyda | 19,210 | Password Stealers & Monitoring Tools | online game PWS |
| RJump | 18,452 | Worms | Worm targeting removable devices |

As usual we encourage you to run Microsoft Security Essentials, which contains the full AV signature set from the MMPC, or another reputable AV product, to protect your internet activities.
Scott Wu -- MMPC