The blog of the Microsoft Anti-Malware Engineering team, which makes our fine Forefront Client Security anti-malware engine, reports on the recent wave of “Storm” malware:
In August, Microsoft’s Malware Protection Center (MMPC), the group of researchers responsible for each month’s additions to the Malicious Software Removal Tool (MSRT), decided to add this family to the September MSRT release based on its prevalence.
The Renos family of malware has been removed from 668,362 distinct machines. The Zlob family has been removed from 664,258 machines. And the Nuwar family has been removed from 274,372 machines. In total, malware has been removed by this month’s MSRT from 2,574,586 machines.
So, despite some public concern in the press and among researchers about the “Storm” worm, it ranks third among the families of malware whose signatures have been added to the MSRT.
Another antimalware researcher who has been tracking these recent attacks has presented us with data that shows we knocked out approximately one-fifth of “Storm’s” Denial of Service (DoS) capability on September 11th. Unfortunately, that data does not show a continued decrease since the first day. We know that immediately following the release of MSRT, the criminals behind the deployment of the “Storm” botnet immediately released a newer version to update their software. To compare, one day from the release of MSRT, we cleaned approximately 91,000 machines that had been infected with any of a number of Nuwar components. Thus, the 180,000+ additional machines that have been cleaned by MSRT since the first day are likely to be home user machines that were not notably incorporated into the daily operation of the “Storm” botnet. Machines that will be cleaned by MSRT in the subsequent days will be of a similar nature.