Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Saturday, June 21, 2008

Microsoft targets password stealers

Microsoft’s June 10 update of its Malicious Software Removal Tool (MSRT) was updated to detect and remove game password-stealing malware.  As you all probably know by now, this month in MSRT was a very significant release for Gamers everywhere with the addition of a variety of password stealers directly targeting Online games.  The main offender in this motley crew of badness is Win32/Taterf.

Frethog is just a drop in the ocean of malware we’re seeing coming out of China nowadays, many of which are targeting online games.  Frethog had proved to be as prevalent as we expected too, with detections on over 200,000 distinct machines.

I know that it is in Microsoft’s interests to carry out Windows Genuine Advantage checks for some downloads to make sure they are not going to pirates, but I think that a periodic scan with the MSRT would be far more beneficial to the wider computing community.

There are a lot of people out there who don’t have the first clue about how to keep their PCs safe, and only some of these people are going to be regularly downloading patches, so it would be good for Microsoft to come up with ways that exposes a greater number of systems to the MSRT.

Posted on 06/21