Microsoft says botnets widely distributed
Microsoft has released its Security Intelligence Report for the first six months of 2010. Compared to other European countries, the UK ranks third for the number of malware infections observed by Microsoft, behind France and Spain, but ahead of Germany and Italy.
In the first six months of 2010, almost 1.9 million Windows PCs were infected – and that's just those which Microsoft detected as infected by means of its Malicious Software Removal Tool, Microsoft Security Essentials and other security products. The data is based on more than 450 million computers worldwide and analysis of billions of websites and messages sent via Microsoft's Hotmail email service.
Microsoft registered and removed 156,000 bot infections in the second quarter of 2010 (representing an infection rate of 1.4%). The global leader in absolute terms was the USA with 2.2 million infected computers, while North Korea took the laurels for the highest proportion of infected systems at 14.6% (one PC in six).
The bot most frequently observed in Germany, for example, was Alureon, which made up 30% of infections and includes rootkit functionality. Alureon hit the headlines at the start of this year, when a Microsoft update on (unwittingly) infected computers triggered blue screens of death. The update unintentionally revealed the presence of the rootkit on many PCs.
According to Microsoft, ZeuS (a.k.a. ZBot) and the relatively unknown Rimecud are on the rise. The former is not a single bot controlled by a single group of criminals, but a modular system which bot herders can use to put together custom malware. ZBot plays a major role in looting bank accounts and beating TAN authentication. Microsoft yesterday reacted to this by adding routines for detecting and removing ZeuS bots to its Malicious Software Removal Tool (MSRT).
In view of the growing threat posed by botnets, Microsoft Vice President for Trustworthy Computing Scott Charney, at last week's ISSE 2010 security conference in Berlin, proposed isolating infected computers from the web. He explained that his model was the public health system, which places people suffering from highly contagious diseases in quarantine to prevent them infecting others.