The Banload family of malware

Jan 26, 2009 11:57 GMT

In addition to being adapted to fight the Conficker worm, the January 2009 release of the Malicious Software Removal Tool (MSRT) from Microsoft is also designed to tackle a family of password-stealing Trojans. MSRT January 2009 ships with signatures capable of identifying and cleaning infections related not only to Worm:Win32/Conficker.A and Worm:Win32/Conficker.B, but also to Win32/Banload.

“This family of malware is known to download and execute variants of both Win32/Bancos and Win32/Banker – which are both malware families of password stealing trojans. Typically, they attempt to capture online banking credentials and other sensitive information. The data gathering is performed by various means, such as key-logging,” Microsoft's Scott Molenkamp revealed.

According to Molenkamp, the Banload family of malicious code is characterized first of all by its longevity. Microsoft indicated that the password-stealing Trojans grouped under the Banload label had been active for years and continued to steal banking credentials for their authors. “Of particular note, the Microsoft Malware Protection Centre (MMPC) receives more reports from MSRT for Win32/Bancos and Win32/Banker than any other single source,” Molenkamp added.

The software giant revealed that data harvested via the Malware Removal Tool January 2009 showed that the security solution detected Win32/Banload on no fewer than 78,729 machines. At the same time, Win32/Banker infected 92,108 computers, while Win32/Bancos compromised 133,024 systems.

“The total number of unique machines detected with at least one of Banload, Banker, Bancos is 249,808. It should be noted that this is less than the summation of the machine counts listed above. This is due to the overlapping reports from a machine affected by multiple families. In fact, 39,933 unique machines reported a combination of threats from two families, and 7,060 machines reported threats from all three families,” Molenkamp concluded.

Malware Removal Tool January 2009 is available for download here.