Windows Trojan and Bot Statistics for 2005

There's an article over at eWeek that provides some interesting insight into the number of Windows machines infected with Bots and Trojans from January 2005 to date. Keep in mind that these numbers only include numbers from Microsoft's "Malicious Software Removal Tool" and not anti-virus vendors such as Symantec and Trend Micro. I've been told by persons I consider experts in the bot field that there are around 300 million malware infected Windows machines on the Internet (give or take a few).

Since the first iteration of the MSRT in January 2005, Microsoft has removed 16 million instances of malicious software from 5.7 million unique Windows machines. On average, the tool removes at least one instance of a virus, Trojan, rootkit or worm from every 311 computers it runs on.

The most significant threat is clearly from backdoor Trojans, small programs that open a back door to allow a remote attacker to have unauthorized access to the compromised computer.

The MSRT has removed at least one Trojan from about 3.5 million unique computers. Of the 5.7 million infected Windows machines, about 62 percent was found with a Trojan or bot.

A bot is a type of Trojan that communications through IRC (Inter Relay Chat) networks. Bots are used to launch spam runs, launch extortion denial-of-service attacks and to distribute spyware programs to unwitting Windows users.

Matt Braverman, the Microsoft program manager who collated the data and prepared the report, said the startling prevalence of bots proves that the for-profit malware route is lucrative for online criminals.

Three of the top five most removed malware families are bots – Rbot, Sdbot and Gaobot. The FU rootkit, which is used primarily to hide bots, is number five on the list.

"The numbers speak for themselves," Braverman said in an interview with eWEEK. "In addition to the fact that bots are high on the list, we're seeing a significant amount of new variants everyday. We're adding detections for about 2,000 new Rbot variants [to the [MSRT] with each release."

So… if your interested in learning more on botnets check out Shadowserver. If have a windows file that you suspect may have malware code in it you can upload it to Norman Sandbox or Virus Total for a free analysis.
With the situation like it is it's a wonder more people with even the basics of computer use arent running Linux.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: