Microsoft has published details of the most prevalent viruses detected by the Microsoft Removal Tool (MSRT) during May. Seven of the top 25 viruses listed are parasitic viruses, meaning ‘old school’ malware that attaches to, modifies or resides in a host file on the file system.
Top 25 detections by MSRT, May 10 – May 20
Family | Machine Count | Note |
Sality | 202,351 | Classic parasitic virus |
Taterf | 77,236 | Worm |
Rimecud | 65,149 | Worm |
Vobfus | 59,918 | Worm |
Alureon | 58,884 | Evolved parasitic virus |
Parite | 53,778 | Evolved parasitic virus |
Ramnit | 52,549 | Evolved parasitic virus |
Brontok | 50,392 | Worm |
Cycbot | 50,209 | Trojan |
Conficker | 49,173 | Worm |
Renocide | 48,395 | Worm |
Bubnix | 45,712 | Trojan |
FakeRean | 40,695 | Rogue |
Zbot | 40,087 | Trojan |
Bancos | 39,452 | Trojan |
Frethog | 33,100 | Evolved parasitic virus |
Banker | 31,675 | Trojan |
Jeefo | 22,396 | Classic parasitic virus |
Renos | 21,858 | Trojan |
Lethic | 21,521 | Trojan |
Cutwail | 21,222 | Trojan |
Virut | 20,963 | Classic parasitic virus |
Hamweq | 17,102 | Worm |
FakeVimes | 14,899 | Rogue |
Hupigon | 14,553 | Trojan |
The top parasitic virus is Win32/Sality, a family of polymorphic file infectors that target Windows executable files with extensions .SCR or .EXE. They may execute a damaging payload that deletes files with certain extensions and terminates security-related processes and services.
The top ten also includes Win32/Ramnit, Alureon and Parite, which Microsoft has classified as “evolved.” By this, Microsoft means that the virus combines earlier and later generations of malicious infection techniques. In the case of Ramnit, Scott Molenkamp noted that the virus was trying to use an old-school Office file infection, and he remarks that “it is interesting to see that malware authors continue to experiment with both old and new techniques.”