Microsoft nukes Zeus malware from 275,000 Windows machines


Microsoft is claiming major success at cleaning the notorious Zeus crimeware trojan from infected Windows machines.

One week after adding detections into its malicious software removal tool, Microsoft said it nuked Zeus (also called Zbot) 281,491 times from 274,873 computers.

According to Redmond's Jeff Williams:

Of the 1,344,669 computers cleaned, this is about 1 in 5, a ratio that’s higher than we typically see even when accounting for the normal, first-month spike which results from adding a new family but not exceptionally so.

To put this in greater perspective the removals of Zbot are almost as many as the removals of the #2 and #3 malware families this month combined (Win32/Vundo and Win32/Bubnix respectively). Approximately 86 million computers have run this version of MSRT as we compile this data so we should expect this number to increase as the month continues.

The malicious software removal tool, which is updated and released on the second Tuesday of each month, checks computers running Windows 7, Windows Vista, Windows XP, Windows 2000, and Windows Server 2003 for infections by specific, prevalent malicious software.

Talkback

49 comments
  • Good!

    n/t
    wolf_z
    • Too little, too late

      They'll just get re-infected again.
      ahh so
  • I usually don't have many positive things to say about Microsoft...

    I usually don't have many positive things to say about Microsoft, but I'm glad they're being proactive on this.
    olePigeon
    • Let us hope

      @olePigeon
      that the trend continues. MS tends to be painfully cautious at times.
      mdemuth
    • ???

      @olePigeon Proactive? By the very definition, this is reactive.
      SpikeyMike
      • RE: Microsoft nukes Zeus malware from 275,000 Windows machines

        @SpikeyMike
        If I get up and throw out the trash without my wife nagging me, I am being both reactive (to the trash) and proactive in the eyes of my wife.
        cseeling
  • Wow, is reinfection rate that high?

    "Microsoft said it nuked Zeus (also called Zbot) 281,491 times from 274,873 computers."

    There are more removals than computers there, that means that some machines got reinfected and the malware had to be removed again.

    If reinfection rate is that high I guess that if they do it again tomorrow they'll be able to remove another 20000 or more viruses from those same machines.

    Things are definitely NOT looking good for Microsoft.
    OS Reload
    • Why not?

      @OS Reload

      They're cleaning the computers. That is a good start, however Microsoft cannot protect the user from bad habits that get them infected in the first place.
      The one and only, Cylon Centurion
      • bad habits like...

        @Cylon Centurion 0005 ..using Microsoft Windows? That kind of bad habit? Huh? Yes? No? Maybe?
        pgit
    • RE: Microsoft nukes Zeus malware from 275,000 Windows machines

      @OS Reload
      ricecube
    • RE: Microsoft nukes Zeus malware from 275,000 Windows machines

      @OS Reload Wow you really need to get a job. Focusing useless energy and silly thoughts on a company that makes money and could care less about a gnat. Much like yourself but you are a funny LITTLE person
      ItsTheBottomLine
      • Exactly, ItsTheBottomLine. The bottom line is what matters the most

        @ItsTheBottomLine

        Yes, using your words Microsoft is "a company that makes money" but have you paused to think about how much that is costing you and the world?

        It is costing billions, WEEKLY. Microsoft's vulnerable software is seriously hurting yours and the world's bottom line.

        And I'll just pretend I didn't read that closing line about someone being a little person, even though the word "little" is written in ALL CAPS. But I'll take that line as ironic because that's what it really is after all since it comes from someone who abuses the term Bottom Line so much but in practice shows no signs of remotely understanding what it means.
        OS Reload
      • RE: Microsoft nukes Zeus malware from 275,000 Windows machines

        @OS Reload - Microsoft can't stop people from installing malware if they continue to click the Yes or OK button every time they see it without actually understanding what they're allowing, so the real solution is two parts:

        1. Fix vulnerabilities when they're found.

        Note: Contrary to what you would have the world believe, vulnerabilities are not something that happens to JUST Windows and Microsoft software, it happens to Apple, Linux distros, Adobe and any other major software package. It's just that since Microsoft and Windows have the lion's share of desktops, it's the one that gets attacked the most.

        2. Educate users to NOT click the OK or YES button every time they see it, instead, do some research on the internet and find out if what they're approving is actually badness.
        PollyProteus
      • RE: Microsoft nukes Zeus malware from 275,000 Windows machines

        @OS Reload

        BULL! The fact is that ANY OS can be compromised by malware, whether you are talking about Linux, OSX, or Windows.

        It's time for you to acknowledge that and move on!

        You keep on bashing on Microsoft for these infections, which could happen to ANY OTHER OS THAT IS AS POPULAR AS WINDOWS!
        Also, how many of these machines were still running Windows XP, which should have been phased out by SMART corporations by now in favor of Windows 7, the hard-as-hell to infect new OS from Microsoft.
        Lerianis10
      • RE: Microsoft nukes Zeus malware from 275,000 Windows machines

        "You keep on bashing on Microsoft for these infections, which could happen to ANY OTHER OS THAT IS AS POPULAR AS WINDOWS!"

        @Lerianis10

        You can't prove that and you know it. You still cling to the myth that every OS is like windoze and operates the same as windoze. It's a symptom of corporate tools who can't look beyond the comfortable, monopolistic ecosystem they inhabit.

        "BULL! The fact is that ANY OS can be compromised by malware, whether you are talking about Linux, OSX, or Windows."

        Well show us where they are.

        https://help.ubuntu.com/community/Linuxvirus

        Now if you know anything these folks don't know about, I'm sure they'll be happy to hear from you.

        ;)
        ahh so
        • RE: Microsoft nukes Zeus malware from 275,000 Windows machines

          @ahh so

          Check this:

          http://theinvisiblethings.blogspot.com/2010/08/skeletons-hidden-in-linux-closet.html

          ---

          I had some machines last spring get rooted using similar methods found here:

          http://blackhat.com/html/bh-usa-09/bh-usa-09-speakers.html#Wojtczuk

          and here:

          http://theinvisiblethings.blogspot.com/2009/03/independent-attack-discoveries.html

          Now, one was an XP Pro machine. However, one was a triple boot laptop (XP Pro/ Server 2008/ Fedora Core) and the other was an openSuse machine turned web server.

          It took me almost a month to discover/ remediate the issue. All three required completely draining the machine of power, removal of clock battery / HDD / RAM, then ripping drive data to a clean machine and completely blanking all of the drives (write 0's).

          Linux *is* next! Microsoft is not serving free lunch either... Sure they are doing this as a community service - but, those DDOS / distributed intrusion attacks against their networks get real old, real fast!

          Oh yeah, Microsoft is a grayhat corp ;-) (google SubVirt)

          -X
          0peratorX
    • RE: Microsoft nukes Zeus malware from 275,000 Windows machines

      @OS Reload Well they are not using remote exploits. And people who don't know what they are doing just get reinfected again. Or it's possible that it can't detect all versions of it and the machines get reinfected again. Or they are on a network with another infected machine that doesn't have the cleaner running.
      Jimster480
    • RE: Microsoft nukes Zeus malware from 275,000 Windows machines

      @OS Reload
      Wow! You don't have a clue. Do you have any idea how many windows machines there are in this world? I have four! Plus, I believe the only ones counted would be the ones that are set up for automatic updates. Hear it told here, on ZD Net, not many take this option, supposedly for all the problems it supposedly causes.

      So, Here is my message: All of you people out there that are not taking advantage of automatic updates, you may be missing an opportunity you can no longer afford to miss, regardless of how many times opportunity knocks. Peace!
      eargasm
    • that high?

      @OS Reload a little over 7 thousand were re-infected, that versus the 263ish thousand that were not re-infected, it appears as though the majority of people are smarter than not. looks like a gain imho
      OneTwoc21
    • RE: Microsoft nukes Zeus malware from 275,000 Windows machines

      @OS Reload
      More likely, some machines were infected in different user accounts, hence count more than once.
      A.Sinic