Surveying the Hamweq-age – Threat Reports for MSRT December


In the week since its release on December 8, MSRT has cleaned over 2.5 million machines of malware. The new family for December was Win32/Hamweq, an IRC-controlled backdoor that spreads via removable drives. Hamweq was removed from 638,491 machines, making it the most prevalent family for the month, with around double the number of removals of Win32/Taterf, the next most prevalent family. Taterf, which is perennially one of the families most often reported by MSRT, also had more than twice the number of removals of the third most prevalent family.

Listed below are some of the families with high numbers of removals for this month.

| Machines Cleaned | Family Name | Notes |
|---|---|---|
| 638491 | Hamweq | Worm targeting removable drives, and IRC controlled backdoor |
| 319998 | Taterf | Worm targeting network/removable drives, and online game PWS |
| 156549 | Conficker | Network worm and malware downloader |
| 104577 | Renos | Rogue antivirus downloader |
| 100050 | FakeXPA | Rogue antivirus |
| 98725 | Cutwail | Multiple component downloader and spammer |
| 90472 | Alureon | Data stealing malware that changes DNS settings |
| 72231 | Frethog | Online game password stealer related to Taterf |
| 62394 | Bancos | Password Stealer targeting predominantly Brazilian banks |
| 60109 | FakeSpypro | Rogue antivirus |
| 57645 | Yektel | Rogue antivirus component related to FakeXPA |
| 54908 | Brontok | Mass emailing worm |
| 51150 | Koobface | Multiple component worm targeting social networking sites |
| 43035 | Bredolab | Downloader of numerous malware components |
| 34029 | Parite | File infecting virus |
| 31441 | IRCbot | IRC controlled backdoor |
| 30400 | Jeefo | File infecting virus |
| 27964 | Virut | File infecting virus with IRC controlled backdoor |
| 24361 | Zlob | Multiple component malware family that downloads arbitrary files |
| 24057 | RJump | Worm targeting removable drives |
| 23950 | Banker | Password Stealer targeting predominantly Brazilian banks |
| 23377 | Banload | Downloader of bank password stealers |
| 22462 | FakeVimes | Rogue antivirus |
| 20564 | Rustock | Rootkit enabled backdoor used to assist with sending of spam |
| 19294 | Vundo | Adware downloader |
| 15814 | Winwebsec | |

