Programs that allow an attacker to control a compromised computer, such as backdoor Trojan-horse programs and bot software, account for the lion's share of malicious code removed by the Microsoft's automated cleaning tool, the company said on Monday. The data, scheduled to be presented at Microsoft's TechEd conference in Boston, could be the most detailed look at malicious-code infection trends to date. The data is collected anonymously by the company's malicious code removal tool, which has been executed some 2.7 billion times on more than 270 million computers in the past 15 months. The tool, designed to seek out and remove 61 different variants of malicious code, found more than 16 million infections on more than 5.7 million Windows PCs, Microsoft stated in its whitepaper released on Monday. The tool detected and removed backdoor Trojans from about 62 percent of infected PCs, while the subcategory of bot software accounted for three of the top-five slots in the company's list of most prevalent malicious software. PC users apparently learned their lessons. Microsoft found that malicious software does not typically reinfect previously infected PCs , but migrates to compromise other hosts. Nearly 80 percent of the computers on which infections were found in March 2006 did not have a previous infection, the software giant stated. Microsoft first released the malicious code removal tool five months after the Blaster worm spread throughout the Internet, infecting more than 25 million computers. The Blaster worm, also known as Lovsan and MSBlast, continues to be the most prevalent vulnerability-exploiting program removed by Microsoft's tool, infecting more than 85,000 computers in the nine months ending March 2006. The top-three programs consisted of the RDBot family with 1.9 million PCs infected, the SDBot family with 678,000 PCs infected, and the Parite file-infecting virus with 330,000 PCs infected, according to the software giant. securityfocus.com
