MSRT December 2014

This month is our final release of the Malicious Software Removal Tool (MSRT) for 2014.

Although we didn’t add any new malware families, we updated the tool with the latest detection and remediation capabilities for the malware families added in previous releases.
 
Since January 2014, there have been more than seven billion successful MSRT installs via Microsoft Windows Update. This is an average of 500 million installs every month. The MSRT detected and successfully removed malware on more than 5.6 million machines.
 
We choose the families we add to the MSRT using several criteria, but one of the common reasons is a family’s prevalence in the ecosystem. Looking at our data from the past year, there are a few families that stand out:

  • Win32/Jenxcus
  • In February, we added Win32/Jenxcus, a worm coded in VBScript that is capable of propagating via removable drives. Since adding this family, the MSRT detected this family on more than 719,000 machines.
  • Early in the year, based on data collected from Microsoft antimalware products being used worldwide, we saw Jenxcus encounters on more than 1.8 million machines a month. As the year went on there was some decline, with just over 1.1 million encounters during November.
  • Win32/Wysotot
  • We added Win32/Wysotot in March. This trojan family is usually installed by software bundlers that advertise free software or games. The MSRT has since detected this family on more than 225,000 machines.
  • In October 2013, our real-time protection products reported more than 2.8 million Wysotot encounters. By February 2014, encounters had decreased to 1.08 million, and have continued to decrease during the rest of 2014. Last month just over 157,000 Wysotot encounters were reported.
  • Win32/Hikiti
  • Another highlight occurred in October, when the MSRT participated in a Coordinated Malware Eradication (CME) initiative. Win32/Hikiti was added to the tool along with several related malware families.
  • The October release was a great opportunity for the MSRT to take part in a successful campaign and work with many industry partners to provide the necessary remediation coverage.

Reviewing our data throughout the year helps us determine the impact of our detection and remediation efforts. The MSRT helps provide additional protection to the majority of Windows machines, especially for customers who do not have any type of antimalware protection installed. It's not a replacement for a real-time antimalware solution, such as Microsoft Security Essentials, however, by analyzing our telemetry we can do our best to provide coverage for the most prevalent threats.
 
We are continuing to monitor threats and look forward to our first monthly MSRT release for 2015.

Adrienne Wu
MMPC


Microsoft Malware Protection Center
Secure Hunter Anti -Malware