September 27, 2016

Microsoft Release Data on Most Prevalent Viruses in May

Microsoft has published details of the most prevalent viruses detected by the Microsoft Removal Tool (MSRT) during May. Seven of the top 25 viruses listed are parasitic viruses, meaning ‘old school’ malware that attaches to, modifies or resides in a host file on the file system.

Top 25 detections by MSRT, May 10 – May 20

| Family | Machine Count | Note |
|---|---|---|
| Sality | 202,351 | Classic parasitic virus |
| Taterf | 77,236 | Worm |
| Rimecud | 65,149 | Worm |
| Vobfus | 59,918 | Worm |
| Alureon | 58,884 | Evolved parasitic virus |
| Parite | 53,778 | Evolved parasitic virus |
| Ramnit | 52,549 | Evolved parasitic virus |
| Brontok | 50,392 | Worm |
| Cycbot | 50,209 | Trojan |
| Conficker | 49,173 | Worm |
| Renocide | 48,395 | Worm |
| Bubnix | 45,712 | Trojan |
| FakeRean | 40,695 | Rogue |
| Zbot | 40,087 | Trojan |
| Bancos | 39,452 | Trojan |
| Frethog | 33,100 | Evolved parasitic virus |
| Banker | 31,675 | Trojan |
| Jeefo | 22,396 | Classic parasitic virus |
| Renos | 21,858 | Trojan |
| Lethic | 21,521 | Trojan |
| Cutwail | 21,222 | Trojan |
| Virut | 20,963 | Classic parasitic virus |
| Hamweq | 17,102 | Worm |
| FakeVimes | 14,899 | Rogue |
| Hupigon | 14,553 | Trojan |

The top parasitic virus is Win32/Sality, a family of polymorphic file infectors that target Windows executable files with extensions .SCR or .EXE. They may execute a damaging payload that deletes files with certain extensions and terminates security-related processes and services.

The top ten also includes Win32/Ramnit, Alureon and Parite, which Microsoft have classified as “evolved.” By this, Microsoft mean that the virus combines earlier and later generations of malicious infection techniques. In the case of Ramnit, Scott Molenkamp noted that the virus was trying to use an old school Office file infection, and he remarked that “it is interesting to see that malware authors continue to experiment with both old and new techniques.”