Microsoft's June 10 update of its Malicious Software Removal Tool (MSRT) was updated to detect and remove game password-stealing malware. The results are pretty amazing - more than 2 million PCs disinfected in the first week (out of some 330 million downloads of the MSRT).
As you all probably know by now, this month in MSRT was a very significant release for Gamers everywhere with the addition of a variety of password stealers directly targeting Online games. The main targets are mostly based in Eastern Asia (Lineage Online, Legend Of Mir, ZT Online just to name a few), but World of Warcraft and Valve’s Steam client are high on the hit-list too – you didn’t escape that easily.
The main offender in this motley crew of badness is Win32/Taterf. Taterf has been running hot the last few months, constituting over 80% of the April and May Wildlists. The worm itself is actually a mutation of Win32/Frethog, being based off the same source code. Frethog is just a drop in the ocean of malware we’re seeing coming out of China nowadays, many of which are targeting online games.
Onto the numbers! After its first day in MSRT, Taterf components had been removed from over 700,000 machines! For comparison, Win32/Nuwar (aka ‘Storm worm’) was removed from less than half that in its first month. These are ridiculous numbers of infections my friends, absolutely mind-boggling; many, many whelps. Frethog had proved to be as prevalent as we expected too, with detections on over 200,000 distinct machines.
Those are some staggering numbers, and show just how far and wide this kind of malware has spread.
The MSRT is a tool that I'd like to see Microsoft roll out more widely. I know that it is in Microsoft's interests to carry out Windows Genuine Advantage checks for some downloads to make sure they are not going to pirates, but I think that a periodic scan with the MSRT would be far more beneficial to the wider computing community.
There are a lot of people out there who don't have the first clue about how to keep their PCs safe, and only some of these people are going to be regularly downloading patches, so it would be good for Microsoft to come up with ways that exposes a greater number of systems to the MSRT.