Many Windows computers have been turned into zombies, but fortunately, rootkits are not yet widespread.
A startling finding is that, on average, one in every 311 system scans run by Microsoft’s security tool, the Windows Malicious Software Removal Tool (WMSRT), finds a computer infected with malware.
The data released by Microsoft is noteworthy as it was collected from over 270 million customers using WMSRT, a tool provided with the Windows operating system.
Source: SecurityLabs
From January 2005 to March 2006, WMSRT removed over 16 million pieces of malware of various types from 5.7 million computers. It has been used to scan systems 2.7 billion times and detected a “suspicious face” in 0.32% of those scans, equivalent to 1 in every 311 scans.
In recent years, there has not been a significant outbreak of viruses; however, users face a plethora of other risks such as identity theft, rootkits, and phishing. What does Microsoft think about this reality—is it improving or actually getting worse?
“It’s a tough question to answer,” Matthew Braverman, director of Microsoft’s malware department, shrugged. Braverman noted that capturing a comprehensive picture of the malicious actors’ activities is “impossible,” but the situation seems somewhat better.
Over a 15-month monitoring period, Microsoft observed that the number of malware families in circulation fell from 53 families of worms, rootkits, and viruses to 41. In fact, the reduction to 21 variants marks significant “progress,” a decrease of 71% compared to two years ago.
“Clearly, the malware issue has become more optimistic,” Braverman stated.
Trojan – The Most Common Threat
The backdoor Trojan is the most significant and evident risk for Windows users, Microsoft asserts.
Once infected with a backdoor Trojan, a computer can be taken over by hackers and turned into a zombie at any time. Many zombies form a botnet, which is the tool hackers use to “command their troops” and carry out their operations.
Moreover, hackers steal users’ personal information and install spyware and adware on the machines to earn additional money from advertisers.
Following Trojans are email worms—they have been detected and removed from over 1 million computers.
The most common attack method is tricking victims into running malware. Worms that spread through email, P2P networks, and instant messaging software account for more than a third of the computers scanned by Microsoft’s tool.
Rootkit – A Threat Yet to Reveal Itself
However, not all malware detected by Braverman’s team originates from hackers.
A prime example is the infamous rootkit software from Sony BMG Music. This rootkit was found over 420,000 times and installed on more than 250,000 computers. This indicates that many users had… reinstalled this rootkit after removing it from their machines.
Following this scandal, Sony was forced to recall millions of CDs containing the aforementioned rootkit software. Matters worsened when hackers began exploiting this rootkit to spread malicious software.
Microsoft predicts that the trend of rootkits collaborating with other forms of malware will continue and increase in the future. They found rootkits in 14% of computers infected with worms, viruses, and various Trojans.
WMSRT is currently available in 24 languages for users of Windows 2000, Windows XP, and Windows Server 2003. The latest version can detect and remove 61 different families of malware. You can download and install it from Microsoft’s website.
Thien Y