We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Microsoft updates Windows to kill Srizbi botnet

Malicious Software Removal Tool adds fix

Microsoft has updated the Malicious Software Removal Tool (MSRT) that ships with Windows so that it will detect and root out the notorious Srizbi botnet code.

"This month's MSRT takes on one of the largest botnets currently active worldwide," wrote Microsoft spokesman Vincent Tiu in a blog posting on Tuesday, the day the update to the software removal tool was released. "Win32/Srizbi has been accused of being responsible for a huge chunk of spam email messages sent in the years after its discovery," he added. "We hope to make a positive impact with the addition of Win32/Srizbi into MSRT."

Because Microsoft's detection software runs on hundreds of millions of computers worldwide, including many that are not running up-to-date antivirus software, a move like this can bring a botnet to its knees. That's what happened in September 2007, when Microsoft added detection for the Storm Worm botnet. Within 24 hours it had removed about 91,000 Storm infections, and soon the botnet was a shadow of its former self, experts say.

However, the results may not be so dramatic this time around. Srizbi was effectively knocked out of action last November when operators of the McColo internet service provider in San Jose, California, were kicked off the internet.

That takedown knocked the Srizbi command-and-control servers out of operation, and only about 1 percent of the botnet is still active. There are, however, several hundred thousand Srizbi-infected PCs out there, all of which are quietly waiting for new instructions, should criminals ever discover a way to reach them now that McColo is out of commission.

Microsoft could have taken a bigger bite out of spam had it targeted another botnet called Xarvester, said Joe Stewart, a botnet researcher with security vendor SecureWorks.

Still he applauded Microsoft's move to clean up the Srizbi-infected computers. "It's good to get them cleaned up, but it's not going to have the impact that it had on Storm."

See Security Advisor for more PC security news and reviews


IDG UK Sites

Best Christmas 2014 UK tech deals, Boxing Day 2014 UK tech deals & January sales 2015 UK tech...

IDG UK Sites

LED vs Halogen: Why now could be the right time to invest in LED bulbs

IDG UK Sites

Christmas' best ads: See great festive spots studios have created to promote themselves and clients

IDG UK Sites

Why Apple shouldn't be blamed for exploitation in China and Indonesia