[Infowarrior] - Microsoft Releases Windows Malware Stats

Richard Forno rforno at infowarrior.org
Mon Jun 12 14:56:27 EDT 2006


Microsoft Releases Windows Malware Stats
http://blog.washingtonpost.com/securityfix/2006/06/microsoft_releases_malware_sta.html

Microsoft today gave the world a rare -- albeit conservative -- glimpse of
its view on just how bad the virus and bot problem has gotten for Windows
users worldwide. The data comes from 15 months' worth of experience scanning
computers with its "malicious-software removal tool," a free component that
Microsoft offers Windows XP, Windows 2000 and Windows Server 2003 users when
they download security updates from Microsoft.

The tool has been run approximately 2.7 billion times by at least 270
million unique computers, leading to the removal of 16 million instances of
malicious software from 5.7 million unique Windows-based computers over the
past 15 months, Microsoft said. Sixty-two percent of those computers had
Trojan horse programs on them.

Microsoft found that most of those Trojan programs took the form of bot
software, which allows attackers to remotely control the infected machines
for use in all sorts of online criminal activities, from knocking Web sites
offline to spreading viruses, spam, adware and spyware. Bots in the Rbot,
Sdbot, and Gaobot families made up three of the top five slots in terms of
number of removals. (There are hundreds of variants of each of those bot
programs, and usually several new ones surface each week.)

Microsoft also acknowledged an increasing prevalence of "rootkits," software
that hackers and viruses can use to hide their presence once they have
broken into a computer system. The company found rootkits in 780,000
machines, or 14 percent of those it treated. Microsoft noted that this
figure drops to 9 percent (530,000 PCs) if you don't count the rootkit
distributed via some Sony music CDs. In 20 percent of the cases when a
rootkit was found on a computer, at least one backdoor Trojan was found as
well, Microsoft said.

The statistics also show how computer worms never really go away. For
example, the "Blaster worm," which first surfaced in August 2003, is still
the 10th-most-removed piece of malware, according to Microsoft. Indeed,
Redmond found that in about 20 percent of cases where it removed malware in
March 2006, the intruder was something the removal tool had previously
nixed. The continued high rate of Blaster infections no doubt is due in
large part to the number of people who re-install Windows for whatever
reason and do not immediately apply security updates or take other
precautions necessary for surfing the Internet with a Windows machine, such
as using firewall and anti-virus software.

Microsoft chose an interesting time and manner in which to issue these
numbers. The company said it was releasing the data to coincide with its
TechEd 2006 conference, but the figures can only help Microsoft sell more
subscriptions to its new OneCare Live anti-virus and computer security
suite.

Posted by Brian Krebs