A free security tool is slaughtering the Zbot botnet, having cleaned the malware responsible for harvesting zombie computers from almost 280,000 machines.
In just a few days, Microsoft's Malicious Software Removal Tool (MSRT) has delivered a heavy blow to the network of zombie computers, with a few hundred thousand PCs having been cleaned.
MSRT was refreshed and offered to all Windows users via Windows Update on October 12, as a part of the company’s monthly release of security bulletins.
“Since the release of MSRT on Tuesday we have removed Zbot 281,491 times from 274,873 computers and is the #1 family of malware removed (which is not uncommon the month a family is added),” revealed Microsoft’s Jeff Williams.
“Of the 1,344,669 computers cleaned, this is about 1 in 5, a ratio that’s higher than we typically see even when accounting for the normal, first-month spike which results from adding a new family but not exceptionally so.”
The tackling of Zbot is just the latest move from Microsoft in the ongoing war the software giant is waging against botnets worldwide.
“To put this in greater perspective the removals of Zbot are almost as many as the removals of the #2 and #3 malware families this month combined (Win32/Vundo and Win32/Bubnix respectively),” Williams added.
“Approximately 86 million computers have run this version of MSRT as we compile this data so we should expect this number to increase as the month continues.”
In the company’s recent Security Intelligence Report focused on the first half of 2010, Microsoft is warning that botnets are a cradle for cybercrime and that more needs to be done in order to kill this threat for good.
During the International Security Solutions Europe (ISSE) Conference in Berlin, Germany, Scott Charney, Corporate Vice President, Trustworthy Computing, proposed that governments, law enforcement agencies, software companies, etc. come together in support of a Global Collective Defense on the Internet.
The Global Collective Defense on the Internet involves applying public health principles to the web and quarantining infected PCs so that malware cannot spread.
Win32/Zbot “is a complex threat with techniques employed to make removal by AV challenging and which necessitated advances in the technology we use. The threat is aimed at theft of credentials (often financial) and, according to the FBI, part of a major theft ring which, as the result of cooperation between law enforcement in several countries, led to numerous arrests this month,” Williams explained.