When we first reported on zombie PC networks a couple of years ago, the idea seemed kind of novel. Infect the machines with a malicious program, instruct them where to go for further instructions, and get them to do your nefarious will. Then you can tie a few thousand of them into a single network and auction them off to the highest bidder so that they can be used for spamming or serving up pop-up ads.
It turns out that the idea has become popular. In fact, zombie PCs infected by backdoor Trojan horses are the top security issue according to a new report released by Microsoft. Of the PCs found to contain malware by Microsoft’s Windows Malicious Software Removal Tool over a 15-month period ending in March 2006, over 60 percent were part of a zombie network.
The Windows Malicious Software Removal Tool was introduced in January 2005 and has since found and removed malware from 5.7 million of the 270 million different computers it has been run on. After bots, the second-most-prevalent form of malware is e-mail worms. Those were found on around 18 percent of PCs with malware infestations.
Rootkits make up a relatively minor share of the total infestations, accounting for just under 14 percent of the malware found. Sony’s infamous rootkit was a major source of that flavor of malware, which is particularly interesting given that Microsoft was initially reluctant to label it as such. The Windows Malicious Software Removal Tool removed over 260,000 Sony-installed rootkits from users’ PCs.
Figures on spyware infestation were not part of the study, as the Windows Malicious Software Removal Tool does not look for or remove spyware.
Overall, Microsoft’s tool has been run roughly 2.7 billion times on over 270 million different PCs. Only 5.7 million (or 2.1 percent) of those were found to be infected with malware. That is less than might be expected, given the wide publicity security exploits receive, but again, the report doesn’t cover instances of spyware infestation. Having said that, can it be that computer users are finally beginning to take security more seriously? Spyware and malware are very real threats, but a little bit of skeptical computing can go a long way.