
By Joris Evers
Posted on ZDNet News: Jun 12, 2006 1:00:00 PM

A correction was made to this story. Read below for details.

Many Windows PCs have been turned into zombies, but rootkits are not yet widespread, according to a Microsoft security report slated for release Monday.

More than 60 percent of compromised Windows PCs scanned by Microsoft's Windows Malicious Software Removal Tool between January 2005 and March 2006 were found to be running malicious bot software, the company said. The tool removed at least one version of the remote-control software from about 3.5 million PCs, it added. That compares with 5.7 million machines with infections overall.

"Backdoor Trojans…are a significant and tangible threat to Windows users," Microsoft said in the report.

A computer compromised by such a Trojan horse, popularly referred to as a zombie PC, can be used by miscreants in a network of bots, or "botnet," to relay spam and launch cyberattacks. Additionally, hackers often steal the victim's data and install spyware and adware on PCs to earn a kickback from the spyware or adware maker.

Microsoft introduced the Windows Malicious Software Removal Tool in January last year. An updated version of the program ships monthly with Microsoft's security updates. The tool aims to identify and remove prevalent malicious software from PCs. Since its release, it has run about 2.7 billion times on at least 270 million computers, Microsoft said.

Over the 15-month period covered by the report, the tool found that 5.7 million unique Windows systems were infected. It removed 16 million instances of malicious software from these systems, Microsoft said.

Backdoor Trojans are the most prevalent threat, followed by e-mail worms, which were found on and removed from just over 1 million PCs, Microsoft said. Rootkits, which make system changes to hide another piece of possibly malicious software, are less widespread, with removals from 780,000 PCs.

"Rootkits…are a potential emerging threat but have not yet reached widespread prevalence," Microsoft said in the report. This contrasts with a study from McAfee, which in April said the numbers of rootkits it sees are rising sharply.

Rootkits lunged into the public spotlight last year when anticopying software on certain Sony BMG Music Entertainment CDs was found to contain a rootkit. Microsoft added detection and removal capabilities for the Sony rootkit in December, and its tool wiped off the software 250,000 times, according to the report.

The Windows Malicious Software Removal Tool found a rootkit on 14 percent of the 5.7 million PCs it removed malicious software from. This figure drops to 9 percent when excluding the Sony rootkit. In about 20 percent of the cases when a rootkit was found on a computer, at least one backdoor Trojan was found as well, Microsoft said.

Attacks in which a victim is tricked into running malicious software are a significant source of infections. Worms that spread through e-mail, peer-to-peer networks and instant messaging clients account for just over one-third of the computers cleaned by the Microsoft tool, the Redmond, Wash., software maker said.

The top five threats identified by Microsoft's removal tool: Rbot, Sdbot, Parite, Gaobot and FURootkit. Parite is an aggressive file-infecting virus that first appeared in 2001, Microsoft said, and the FURootkit is often used to hide a backdoor Trojan such as Rbot, Sdbot and Gaobot on a PC.

The free Windows Malicious Software Removal Tool is available in 24 languages to people who use Windows 2000, Windows XP and Windows Server 2003. The current release of the tool is capable of detecting and removing 61 families of malicious software, Microsoft said. It can be accessed at the company's Web site.

 

Correction: This story incorrectly described the PCs found to be running bot software in scans by Microsoft's Windows Malicious Software Removal Tool. The scans found that 60 percent of compromised PCs were running the malicious software.
