Backdoors, Bots Biggest Threats To Windows
Almost two-thirds of PCs that had an infection were infected by a backdoor Trojan, according to Microsoft.
Backdoor Trojans are a clear and present danger to Windows machines, Microsoft said Monday as it released the first-ever analysis of data collected by the 15-month run of its Malicious Software Removal Tool, a utility that seeks out and destroys over five-dozen malware families.
According to Microsoft's anti-malware engineering team, Trojans that, once installed, give an attacker access and control of a PC, are a "significant and tangible threat to Windows users."
- Why Rational Development Solutions for Power?
- 2012 IBM Chief Information Security Officer Assessment
Of the 5.7 million unique PCs from which the Malicious Software Removal Tool (MSRT) has deleted malware, 3.5 million of them -- 62 percent -- had at least one backdoor Trojan.
"Backdoor Trojans are a large part of the malware landscape," said Matt Braverman, program manager on the team, and the author of a report on the tool's data that was released Monday at Boston's TechEd 2006 conference.
Bots, a subset of Trojan horses, were especially "popular" on infected PCs, Microsoft's data showed. Bots are small programs that communicates with the controlling attacker, usually through Internet Relay Chat (IRC) channels, less frequently via instant messaging. Of the top 5 on the MSRT's removed malware list, three families -- Rbot, Sdbot, and Geobot -- were bots.
Once backdoors and bots are accounted for, all other malware types were seen on only a minority of machines.
"Rootkits are certainly present, but compared to other [malware types] they're not extremely widespread yet," added Braverman. A rootkit was present on 14 percent of the nearly 6 million computers that had to be cleaned.
Since it debuted in January 2005, the MSRT has been run some 2.7 billion times on an increasing number of PCs. In March 2006, the last month for which data was compiled, 270 million unique systems ran the tool, which is automatically downloaded and run on systems with Windows/Microsoft Update turned on.
Over those 15 months, the MSFT found malware on one in every 311 computers.
"I think that's a valid, accurate number," argued Braverman, even though the MSFT doesn't detect and delete every form of malicious software, and runs predominantly on Windows XP SP2 (and not at all on older operating systems, such as Windows 98 and Windows NT).
The MSFT data also seemed to validate the long-standing premise that Windows XP SP2 is more secure than earlier Microsoft operating systems, said Braverman.
Although Windows XP SP2 systems account for 89 percent of all machines from which malware was deleted, when the numbers are "normalized" -- to take into account the number of tool executions on each OS -- SP2's rate falls precipitously to just 3 percent.
Together, Windows XP Gold (the original edition launched in October 2001) and Windows XP SP1 account for 63 percent of the deletions when the numbers are normalized.