Microsoft introduced the refresh to the Malicious Software Removal Tool in September 2011

Nov 2, 2011 16:01 GMT

When it first equipped the Malicious Software Removal Tool (MSRT) to deal with the PWS:Win32/Zbot malware family, Microsoft managed to clean infections from no fewer than 444,292 computers in the first month alone.

However, security is very much an evolving cat-and-mouse game, and the cybercriminals behind the password-stealing Trojan are constantly improving their malicious code so that it compromises more PCs and does what it does best: steal sensitive data from users.

Also referred to as Zeus, Zbot has certainly grown since the Malicious Software Removal Tool first started hunting it.

This forced the Redmond company to push an update to MSRT, tailoring the tool to the specific evolution of Zbot / Zeus.

The refresh increased the effectiveness of the Malicious Software Removal Tool against Zbot, revealed Matt McCormack, MMPC Melbourne, and this was clearly visible in a surge in the volume of Zeus infection removals in September 2011, the month when the update went live.

“Historically, and prior to the September 2011 release, MSRT consistently detected about 90% of PWS:Win32/Zbot variants in the wild. For the month of September 2011, we detected and removed PWS:Win32/Zbot from around 185,000 distinct Windows computers, a stark increase to the months beforehand, which we can attribute the increase to additional technology added to MSRT for just such an occasion,” McCormack said.

At the time McCormack shared the new statistics, MSRT had removed Zbot from 88,765 machines, but the number is believed to eventually increase to approximately 100,000.

“These increased numbers are also likely a result of new functionality we've seen in Zbot recently. It seems that some variants now automatically spread via the Windows autorun functionality; something that is very common with other prolific malware families, so it's not very surprising we're seeing it now - but is surprising we hadn't seen it before now,” McCormack added.

The Malicious Software Removal Tool (MSRT) is available for download here.