Microsoft has revealed that it removed nearly 1 million samples of a particularly virulent password-stealing worm in the first half of February. The company's Malicious Software Removal Tool (MSRT) rooted out more than 981,000 copies of a family of programs called Win32/Taterf, best known for stealing usernames and passwords for games such as World of Warcraft, Legend of Mir and Gamania.
Taterf has been especially widespread for months now. Microsoft removed more than 700,000 copies of it in one day alone last year. The worm is a mutated version of another password stealer, known as Win32/Frethog - Microsoft has killed nearly 317,000 copies of Frethog this month.
Online passwords are a popular target because they can be turned to cash, often in untraceable ways. The criminals use the hacked accounts to steal characters and virtual gold or other treasures, which are then sold to fans who pay real-world cash.
Although China has traditionally been the top spot for password-stealing infections, that seems to be changing, Microsoft said in a blog posting. In the first week of February, the top three countries, ranked by number of Taterf infections, were the US, Taiwan and Korea, respectively.
The MSRT is available free of charge to Windows users, and it gets monthly updates from Microsoft. Because it is so widely used, it can have a major effect on any piece of malware. MSRT is credited with crushing the notorious Storm worm in 2007.
This month Microsoft added MSRT detection for another notorious botnet, called Srizbi. Total number of Srizbi infections removed since the update: 38,697.