The Internet has always had its share of malware, spyware, viruses and many other malicious tools created by the many darksiders that roam the free-Web. What’s the most common type of malware on the Internet you ask? Well, it’s not Viruses or even Botnet code. Maybe password-stealing worms designed to victimize online gamers?
Microsoft said Thursday it had removed nearly 1 million samples of a particularly virulent password-stealing worm identified in the first half of February. The company’s Malicious Software Removal Tool (MSRT) rooted out more than 900,000 copies of a family of programs called Win32/Taterf, commonly known as a program for stealing usernames and passwords for games such as World of Warcraft and Legend of Mir.
Taterf has been especially widespread for months now but there’s an even nastier worm sliming through holes in the Windows RPC Server Service. Known variously as “Conficker” or “Downadup,” it’s been infecting an average of one million machines a day. At this point 10 million machines have been compromised, but potential victims could total more than 300 million, according to the specialist at Secureworks.
Microsoft removed more than 700,000 copies of it in one day alone last year. The worm is a mutated version of another password stealer, known as Win32/Frethog of which Microsoft has zapped nearly 317,000 copies of Frethog this month.
Online passwords are a popular target because they can be turned to cash, often in untraceable ways. The criminals use the hacked accounts to steal characters and virtual gold or other virtual belongings, which are often sold to fans who pay real-world cash.
Even though China has traditionally been the top spot for password-stealing infections, this trend seems to be shifting. In the first week of February, the top three countries ranked by number of Taterf infections, were the U.S., Taiwan and Korea, respectively.
The MSRT is available free of charge to Windows users, and it gets monthly updates from Microsoft. Because it is so widely used, it can have a major effect on any piece of malware. MSRT is credited with crushing the notorious Storm worm in 2007.
This month Microsoft added MSRT detection for another notorious botnet, called Srizbi. Total number of Srizbi infections removed since the update: 38,697.
-Arkady Igantov contributed to this report.