Bot spotting Microsoft style

By Leanne Tucker, ITWeb portals business developer
Johannesburg, 02 Nov 2006

Bot spotting Microsoft style

The latest half-year figures compiled using Microsoft's Malicious Software Removal Tool (MSRT) are in, and botnets have risen to the top of the threat table.

Of the four million PCs the tool cleaned during the first half of 2006, half had botnet-related software on them, mostly Win32/Rbot, Win32/Sdbot, and a rather interesting one called Win32/Hupigon. The latter nasty is one of the growing number of bot Trojans built using cheap but effective DIY kits.

Bots pose such a threat because, where large numbers of variants are circulating for a particular Trojan family (the three mentioned in the last paragraph account for a staggering 41 164 between them), bots allow infected PCs to be easily updated with a new piece of malware. This will probably be detected by software, but it might not be, because in some respects at least it is new. There is no guarantee.

Malware challenges security vendors

A tricky malicious program has become more prevalent in spam, but experts don't know what its creators plan to do with it, reports ComputerWorld.

Many vendors are rating the malware - called "Warezov", "Stration" and "Stratio" - as a low . But they also say that it is tricky to deal with.

The malware is a mass-mailing worm that affects machines running Microsoft's Windows OS. When the malware infects a computer - usually after the user has opened an attachment containing the worm in a spam e-mail - it sends itself out again to other e-mail addresses found on the computer. The code is then capable of downloading new versions of itself as frequently as every 30 minutes from a batch of Web sites, said Mikko Hypponen, chief research officer at F-Secure, a security company in Helsinki.

Mobile viruses set to explode

While the current generation of viruses for mobile phones is largely a theoretical problem, its rapid evolution means it will pose a major threat in the future, ZDNet reports.

"What took 20 years to develop on the PC has taken about two years on mobile devices," David Emm, senior technology consultant for Kaspersky Lab, told a conference on business continuity in London recently.

"We have seen fully functional backdoor Trojans written for mobile devices. It's not the earth-shattering threat you might read about, but the threat is real."
