14 DAY TRIAL // After it buried the Waledac botnet last month, Microsoft is gunning for another network of zombie computers this month with an update to the Malicious Software Removal Tool (MSRT). Like Microsoft Security Essentials, the Malicious Software Removal Tool is available free of charge, but unlike MSE, MSRT is only designed to tackle a limited number of malicious samples, and is served automatically to Windows users through Windows Update as an Important download.
Concomitantly with the 16 new security bulletins released this month, the software giant also started pushing a new version of MSRT set up to detect and remove Win32/Zbot.
The Zbot botnet is created by computers infected with malware produced by the ZeuS Builder, a malicious toolkit.
Zbot infected machines are used with predilection in attacks targeting backing institutions, including the Bank of America.
“Although the malware itself is quite complex and varied, the technical acumen required to use and distribute it is actually quite low,” explained Matt McCormack, MMPC Melbourne, Australia.
“Toolkits to create the malware are easily attainable and quite simple to use.”
In the Security Intelligence Report volume 9 (SIRv9), Microsoft notes that Win32/Zbot is the 14th most active botnet family worldwide.
Microsoft security solutions have already helped customers to clean over 230,000 zombie computers, 107,363 in Q1 2010, and 131,078 in Q2 2010.
“Underground forums are teeming with questions ranging from the very basics about configuring the malware to people boasting about the size of their botnets,” McCormack added.
“Even the botnet controllers are themselves quite varied, from apparent hobbyists to those that likely have more nefarious intent.
“This family is quite prolific even if the intent behind some of the botnets is unclear. That said, we find ourselves knocking on Zbot’s door this month, and we’re glad we are.
“Zbot is the latest addition to MSRT’s ever-growing list of malware, and we hope to continue protecting the Windows ecosystem with this new family firmly in our sights.”
The Malicious Software Removal Tool (MSRT) is available for download here. Microsoft Security Essentials 1.0 is available for download here.