    Microsoft: Trojans, Bots Are Significant and Tangible Threat

    By Ryan Naraine - June 12, 2006

      BOSTON—Microsoft security researchers have used data collected from its MSRT (malicious software removal tool) to produce the clearest picture yet of the malware scourge on Windows — and it's not a pretty sight.

      On the eve of the Tech 2006 conference here, the software maker offered a rare glimpse of the extent of infected Windows systems, warning that the threat from backdoor Trojans and bots presents “a significant and tangible threat.”

      It is the first public confirmation by Microsoft that well-organized mobsters have established control of a global billion-dollar crime network using keystroke loggers, IRC bots and rootkits.

      The report comes as Microsoft introduces Ben Fathi as its new security czar and ahead of a rebranding of Microsoft Client Protection, the company's enterprise anti-spyware software that is now called Forefront Client Security.

      Since the first iteration of the MSRT in January 2005, Microsoft has removed 16 million instances of malicious software from 5.7 million unique Windows machines. On average, the tool removes at least one instance of a virus, Trojan, rootkit or worm from every 311 computers it runs on.

      The most significant threat is clearly from backdoor Trojans, small programs that open a back door to allow a remote attacker to have unauthorized access to the compromised computer.

      The MSRT has removed at least one Trojan from about 3.5 million unique computers. Of the 5.7 million infected Windows machines, about 62 percent were found with a Trojan or bot.

      A bot is a type of Trojan that communicates through IRC (Internet Relay Chat) networks. Bots are used to launch spam runs, launch extortion denial-of-service attacks and distribute spyware programs to unwitting Windows users.

      Matt Braverman, the Microsoft program manager who collated the data and prepared the report, said the startling prevalence of bots proves that the for-profit malware route is lucrative for online criminals.

      Three of the top five most removed malware families are bots – Rbot, Sdbot and Gaobot. The FU rootkit, which is used primarily to hide bots, is number five on the list.

      “The numbers speak for themselves,” Braverman said in an interview with eWEEK. “In addition to the fact that bots are high on the list, we're seeing a significant amount of new variants every day. We're adding detections for about 2,000 new Rbot variants [to the MSRT] with each release.”

      “Bots are not only active on computers. It's something that the attackers are modifying and turning around quickly. They're moving in, corralling a set of users, stealing information, then moving on to the next target,” he explained.

      The data also confirms that rootkits on Windows machines are a “potential emerging threat,” but Microsoft does not believe the stealth programs have reached widespread prevalence yet. Of the 5.7 million machines cleaned, 14 percent were infected with a rootkit. However, that number dips to 9 percent if F4IRootkit, a rootkit used as a DRM mechanism in music CDs distributed by Sony BMG, is excluded.

      In 20 percent of the cases when a rootkit was found and removed, Braverman said at least one backdoor Trojan was also found. This is confirmation that rootkits are being used to hide other pieces of malicious software from anti-virus scanners.

      The most prevalent rootkit is the open-source FU rootkit, which is the fifth most removed piece of malware. The Sony rootkit is number 11 on the list while Ispro and Hacker Defender are also listed high.

      Overall, a rootkit was found in approximately 780,000 computers but this number includes the Sony BMG rootkit, which was not considered an offensive/malicious rootkit.

      Roger Thompson, chief technical officer at Atlanta-based Exploit Prevention Labs, believes Microsoft's low rootkit detections are not an accurate reflection of the severity of the threat. “They're only finding what they're looking for. The tool will not find the rootkits that we don't know about. We know they are out there and they are becoming harder and harder to find,” Thompson said in an interview with eWEEK.

      Microsoft's Braverman acknowledged that there are “known rootkits that are not detected by the tool” but insists the five rootkit families detected by the MSRT represent “a significant portion of rootkits actively affecting a large group of users today.”

      Braverman said the most effective technique against rootkits is prevention and urged Windows shops to keep anti-virus signatures up-to-date to get real-time protection. Even so, in some high-assurance corporate environments, Braverman suggested that users weigh the tradeoffs of taking additional steps to disinfect systems found with rootkits.

      He echoed an earlier statement by a Microsoft security official that businesses should consider investing in an automated process to wipe hard drives and reinstall operating systems as a practical way to recover from rootkit infestation.

      “We see that as a last resort but wiping and restoring the OS to its original state is one of a variety of steps we recommend. It should be part of a layered model of dealing with malware,” he added.

      The MSRT data also shows an alarming prevalence of malware linked to social engineering attacks. Worms that spread through e-mail, peer-to-peer networks and instant messaging clients account for 35 percent of computers disinfected.

      “The attackers have become more sophisticated in terms of understanding what end users will click on or execute from an e-mail. They are exploiting a weakness in that situation,” Braverman said.

      E-mail is still the most successful vehicle for social engineering attacks but, according to the data, IM-borne attacks that try to trick users into clicking on a malicious link are less likely to succeed because of advancements in security technology built into IM clients.

      It is against this backdrop that Fathi, Microsoft's new security chief, takes over to guide the Redmond, Wash. technology giant through a crucial period in its history.

      Fathi, who most recently served as general manager for Storage and High Availability in the Windows division, will use the TechEd conference to deliver a strategic briefing on building trust in computing.

      He is expected to highlight Microsoft's investment in security technologies — in the enterprise and consumer markets — and position the company as a leader in developing trust in an interconnected world.

      Mike Nash, the long-serving corporate VP who has handed over the security portfolio to Fathi, said the priority for his replacement is a no-brainer.

      “The first priority [for Fathi] is Vista. The second priority is Vista. The third is Vista,” Nash said in an interview with eWEEK.

      “We have to get Vista completed with quality and make sure we build a platform that supports the rest of the industry. One of Ben's priorities is to make sure that we're explaining to customers how to take advantage of some of the great technologies we've built,” Nash added.

      Microsoft is promising that Windows Vista will feature significant security improvements to thwart malware infestation.

      Based on the picture painted by the MSRT statistics, Vista can't ship fast enough for Fathi.
