Microsoft cleaned 6.5 million zombie PCs during April-June 2010

Published 14 October 2010

Microsoft cleaned in excess of 6.5 million zombie computers between April and June 2010, but the company’s efforts alone are not enough to put a stop to the increasing threat that botnets represent to users, businesses and critical infrastructure.

At the RSA Conference Europe 2010 in London, Adrienne Hall, general manager, Microsoft Trustworthy Computing, revealed that botnets have evolved to become a critical resource fueling cybercrime.

Marius Oiaga writes that Hall’s view is underlined in the latest volume of the Microsoft Security Intelligence Report, SIRv9, which offers insight into the threat presented by networks of infected computers, also known as zombie PCs, that are controlled collectively by attackers.

“The SIRv9 report is an interesting insight into the most prevalent and dangerous cyber threat right now,” revealed Jeff Jones, director of Trustworthy Computing, Microsoft.

“It’s clear that the evolution of the botnet is a major concern and something Microsoft is taking extremely seriously.

“As well as the prominent rise in infections on a global scale, data from this year’s report has also shown that cybercriminals are now using more sophisticated techniques like botnets to further their reach of potential victims.”

Oiaga writes that while a zombie PC may appear to its unsuspecting owner to be functioning normally, such infected machines are in fact part of larger botnets, which cybercriminals use to commit a range of attacks, from sending spam to phishing, identity theft, Denial of Service (DoS), click fraud and advance fee fraud.

Microsoft is one of the leading participants in the disruption efforts that various players in the security market, including members of the software industry, law enforcement agencies, government entities and academics, have undertaken against botnets and botnet herders.

In the first half of September 2010, the Redmond company managed to drive the final nail into the Waledac coffin, putting to rest a major botnet which at one point contained in excess of 100,000 zombie PCs.

The software giant killed the Waledac botnet through consistent efforts and collaboration with additional companies involved in the security industry as well as with governmental agencies, in what it referred to as Operation b49.

“Despite these successes, we must accept that information technology is complex and many people are unwilling or unaware as to how they can protect their data and their machines,” Hall explained.

“In a globally connected society, users of infected computers not only put their own information at risk, but put other Internet users at risk too.

“Therefore, addressing the problem of cybercrime requires creativity, innovative thinking and collaboration to improve the health of all devices connected to the Internet.”

Botnets are without a doubt a global problem. According to SIRv9, U.S. users are most at risk, with the largest number of botnet infections being detected in the United States.

The Redmond company noted that it identified over 2.2 million zombie computers in the United States in the second half of 2010. The runner-up is Brazil with 550,000 botnet infections, and third place goes to Spain with 382,000, the largest number in Europe.

Oiaga notes that Win32/Rimecud was the most active botnet family in the second quarter of 2010. In the first half of 2010, Microsoft’s security solutions cleaned over 3.5 million zombie PCs that had been infected with Rimecud.

The second most prevalent botnet is Win32/Alureon with approximately 2.5 million computers cleaned in the first half of this year.

Third place goes to Win32/Hamweq, which was cleaned from over two million machines.

Microsoft stresses that more needs to be done to tackle the global threat of botnets, as well as other malware and cybercrime more broadly.