As of October 21st, the MSRT has removed the newly added threat, Win32/FakeScanti, from 56,700 infected machines. For this month, it was the 12th most prevalent threat family worldwide and 7th in the US. Overall, the MSRT has cleaned 2,516,235 machines this month from all kinds of malware infections.

We all know the threat landscape is not homogeneous across geographic regions. Let’s take a look at the US, China, and Brazil as a case study.

| United States: Family | Threats | Machines Cleaned | China: Family | Threats | Machines Cleaned | Brazil: Family | Threats | Machines Cleaned |
|---|---|---|---|---|---|---|---|---|
| Alureon | 147,387 | 117,351 | Lolyda | 77,781 | 72,863 | Taterf | 72,464 | 70,069 |
| Taterf | 121,988 | 116,217 | Frethog | 21,927 | 20,042 | Bancos | 67,577 | 59,414 |
| FakeXPA | 108,026 | 103,578 | Ceekat | 9,440 | 8,767 | Frethog | 33,455 | 32,009 |
| Renos | 69,147 | 55,461 | Conficker | 8,899 | 8,427 | Banker | 27,421 | 26,420 |
| FakeRean | 78,067 | 53,376 | Hupigon | 5,127 | 4,879 | Conficker | 19,664 | 18,398 |
| Yektel | 52,259 | 51,061 | Parite | 7,518 | 4,592 | Banload | 18,617 | 18,121 |
| FakeScanti | 70,120 | 50,260 | RJump | 3,875 | 2,552 | Cutwail | 8,452 | 5,269 |
| Frethog | 51,038 | 49,526 | Brontok | 980 | 969 | Alureon | 3,656 | 3,053 |
| Daurso | 32,205 | 32,150 | Taterf | 1,177 | 963 | Renos | 3,192 | 2,228 |
| Koobface | 43,640 | 27,793 | Corripio | 980 | 855 | IRCbot | 1,929 | 1,874 |
| FakeSpypro | 26,530 | 26,242 | Sdbot | 776 | 770 | Brontok | 1,768 | 1,739 |

  Note: Rogues in italics; Password Stealer (PWS) bolded

Some key takeaways:

  • In the US (as well as other English-speaking countries), rogues are predominant. Six of the top ten threat families in the US are rogues or rogue-related trojan downloaders. This makes it hard for end users to identify legitimate AV products when so many rogue products are popping up on their machines.
  • Six of the top ten threat families in China are password stealers, most of which are hunting for online gamers’ credentials.
  • Six of the top ten threat families in Brazil are also password stealers, though a lot of them (Bancos, Banker and Banload) tend to target online banking credentials in Brazil.

We close, as we always do, by urging you to take action and protect yourself. 

Scott Wu