I don't think it will work 100%. This makes the assumption that WU is turned on. For those with legit installations and do have WU on, it will work.
But I have a feeling this infection will remain prevalent despite Microsoft attacking back.
On the heels of a spate of arrests and law enforcement crackdown on the notorious Zeus identity-theft gang, Microsoft is moving swiftly to nuke the Zeus trojan from Windows computers.
The company has added Zeus disinfection instructions onto its malicious software removal tool (MSRT), a move the company hopes will disable the botnet of infected WIndows machines.
The free tool, which is updated and released on the second Tuesday of each month, scans checks computers running Windows 7, Windows Vista, Windows XP, Windows 2000, and Windows Server 2003 for infections by specific, prevalent malicious software.
According to Microsoft’s Matt McCormack, underground forums are teeming with questions ranging from the very basics about configuring the Zeus malware to people boasting about the size of their botnets. ”Even the botnet controllers are themselves quite varied, from apparent hobbyists to those that likely have more nefarious intent,” he explained
This family is quite prolific even if the intent behind some of the botnets is unclear. That said, we find ourselves knocking on Zbot’s door this month, and we’re glad we are. Zbot is the latest addition to MSRT’s ever-growing list of malware, and we hope to continue protecting the Windows ecosystem with this new family firmly in our sights.
In the past, Microsoft has used the MSRT utility to disable the Storm botnet and to remove major worms like Sasser and Blaster.
Brian Krebs is reporting that Zeus botnet activity is already on the wane (see image above).
