MSRT and MMPC in 2H08 – Microsoft Security Intelligence Report


The MSRT added the following threat families in 2H08. Rogues and botnet malware were the focus during the six months.

| New Family | Note | Added in | Computers Cleaned by the MSRT in 2H08 |
|---|---|---|---|
| Win32/Horst | CAPTCHA breaking threat | July | 235,318 |
| Win32/Matcash | Downloader | August | 217,610 |
| Win32/Slenfbot | IRC bot | September | 598,178 |
| Win32/Rustock | Rootkit spam bot | October | 183,858 |
| Win32/FakeSecSen | Rogue AV | November | 1,205,329 |
| Win32/FakeXPA | Rogue AV | December | 460,931 |
| Win32/Yektel | Rogue AV | December | 201,635 |


This cleaning tool is deployed to 450 million Windows machines every month through Windows Update (WU) and Automated Update (AU). It is one of the major data sources for the Security Intelligence Report (SIR). At Microsoft, when deciding which new threat families to include in the MSRT, we analyze the threat's prevalence and its impact on the ecosystem, on Windows users and on our partners. In 2009 we added Banload, Conficker, Srizbi, Koobface and Waledac to the MSRT. We also take requests from our colleagues in the industry, as Jeff Williams mentioned in his Koobface blog, where the recent cooperation with Facebook was a good success.


MSRT is not the only data source for the SIR. Combining MSRT with other Microsoft products and tools, Microsoft observed the following top 25 threat families worldwide. Besides the rogue-related threat families, online game password stealers (PWS) are also very notable on the list: Taterf, Frethog, Lolyda and Tilcun are all game PWS.



For more information about malware and potentially unwanted software, or other Microsoft security intelligence, please visit www.microsoft.com/SIR.


–Scott Wu
