"Storm" ... fight back

Discussion in 'Security, Spyware and Viruses' started by muckshifter, Sep 22, 2007.

Thread Status:
Not open for further replies.
  1. muckshifter

    muckshifter Captain Crunchie, Retired Moderator

    Microsoft quietly added detection of the "Storm" family of malware to the September build of its Malicious Software Removal Tool. The MSRT is released as part of the monthly security update cycle (although I do wish it was updated more often - it can be an extremely effective tool in the fight against malware, as you will see from this article).

    Jimmy Kuo of the Anti-Malware Engineering Team has posted some very interesting statistics and snippets of background information about the effect that adding detection of "Storm" had on Windows PCs (and the Storm botnet) around the world which illustrates just how powerful the MSRT can be in the fight against malware.

    Jimmy reports that:

    "The Renos family of malware has been removed from 668,362 distinct machines. The Zlob family has been removed from 664,258 machines. And the Nuwar family has been removed from 274,372 machines. In total, malware has been removed by this month’s MSRT from 2,574,586 machines.

    So, despite some public concern in the press and among researchers about the “Storm” worm, it ranks third among the families of malware whose signatures have been added to the MSRT."

    Sadly, as has always been the case in this type of battle, the criminals behind Storm fought back quickly. Jimmy went on to say that:

    "Another antimalware researcher who has been tracking these recent attacks has presented us with data that shows we knocked out approximately one-fifth of “Storm’s” Denial of Service (DoS) capability on September 11th. Unfortunately, that data does not show a continued decrease since the first day. We know that immediately following the release of MSRT, the criminals behind the deployment of the “Storm” botnet immediately released a newer version to update their software. To compare, one day from the release of MSRT, we cleaned approximately 91,000 machines that had been infected with any of the number of Nuwar components. Thus, the 180,000+ additional machines that have been cleaned by MSRT since the first day are likely to be home user machines that were not notably incorporated into the daily operation of the “Storm” botnet. Machines that will be cleaned by MSRT in the subsequent days will be of similar nature."

    The Malicious Software Removal Tool is offered as a critical update via Microsoft Update, Windows Update, and Auto Update to any computer that is running Windows Vista, Windows XP, Windows 2000, and Windows Server 2003. Comprehensive information about the MSRT, and download links, can be found here:
    http://support.microsoft.com/?kbid=890830



    An important note about the MSRT:

    "**W32/HackDef typically hides other potentially unwanted software on the computer. If the cleaner tool reports that W32/HackDef was detected on the computer, we strongly recommend that you run a scan with up-to-date antivirus and antispyware programs (see http://www.microsoft.com/athome/security/spyware/default.mspx). If you want to view the software that W32/HackDef was hiding, first open the log file for the cleaner tool (%WINDIR%\debug\mrt.log). Next, in the Scanning Results section, find the line or lines that note the folder in which Win32/Hackdef was found. In that same folder, you should find the Win32/Hackdef configuration file that has the .ini file name extension. View this file to determine the software that Win32/HackDef was hiding on the computer."

    msmvps.com/blogs/spywaresucks


    muckshifter, Sep 22, 2007
    #1
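The log check described in the quoted MSRT note (find the Scanning Results lines for a family, then look for an .ini file in that folder), as an added example that is not part of the original post or of Microsoft's tooling. The "Found virus: ... in file://" line layout, the sample paths and the function names are assumptions constructed for illustration.

```python
import ntpath
import re

# Constructed sample: the line layout is an assumption modelled on the
# "Scanning Results" section the note mentions, not a captured mrt.log.
SAMPLE_LOG = r"""
Microsoft Windows Malicious Software Removal Tool (constructed excerpt)

Scanning Results:
----------------
Found virus: Win32/Nuwar.A in file://C:\WINDOWS\system32\example1.sys
Found virus: Win32/Hackdef in file://C:\WINDOWS\Temp\hd\example2.exe
Found virus: Win32/Hackdef in file://C:\WINDOWS\Temp\hd\example2drv.sys

Results Summary:
----------------
Found Win32/Hackdef and Removed!
"""

# A drive-letter path running to the end of the line.
WIN_PATH = re.compile(r"[A-Za-z]:\\[^\r\n<>|]+")

def decode_log(raw):
    """Decode log bytes; a UTF-16 byte-order mark is honoured if present."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8", errors="replace")

def detection_folders(log_text, family="hackdef"):
    """Folders named on Scanning Results lines that mention `family`."""
    folders, in_results = [], False
    for line in log_text.splitlines():
        low = line.strip().lower()
        if low.startswith("scanning results"):
            in_results = True
            continue
        if low.startswith("results summary"):
            in_results = False  # summary lines carry no file path
        if not in_results or family.lower() not in low:
            continue
        match = WIN_PATH.search(line)
        if match:
            folder = ntpath.dirname(match.group(0).rstrip())
            if folder not in folders:
                folders.append(folder)
    return folders

def ini_candidates(folder, names):
    """From a directory listing, keep the .ini files to review by hand."""
    return [ntpath.join(folder, n) for n in names if n.lower().endswith(".ini")]
```

On a real system, read `%WINDIR%\debug\mrt.log` as bytes, pass it through `decode_log`, and feed each returned folder's directory listing to `ini_candidates`.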