
Microsoft updates Windows to kill Srizbi botnet

Malicious Software Removal Tool adds fix

Microsoft has updated the Malicious Software Removal Tool (MSRT) that ships with Windows so that it will detect and root out the notorious Srizbi botnet code.

"This month's MSRT takes on one of the largest botnets currently active worldwide," wrote Microsoft spokesman Vincent Tiu in a blog posting on Tuesday, the day the update to the software removal tool was released. "Win32/Srizbi has been accused of being responsible for a huge chunk of spam email messages sent in the years after its discovery," he added. "We hope to make a positive impact with the addition of Win32/Srizbi into MSRT."

Because Microsoft's detection software runs on hundreds of millions of computers worldwide, including many that are not running up-to-date antivirus software, a move like this can bring a botnet to its knees. That's what happened in September 2007, when Microsoft added detection for the Storm Worm botnet. Within 24 hours it had removed about 91,000 Storm infections, and soon the botnet was a shadow of its former self, experts say.

However, the results may not be so dramatic this time around. Srizbi was effectively knocked out of action last November when operators of the McColo internet service provider in San Jose, California, were kicked off the internet.

That takedown knocked the Srizbi command-and-control servers out of operation, and only about 1 percent of the botnet is still active. There are, however, several hundred thousand Srizbi-infected PCs out there, all of which are quietly waiting for new instructions, should criminals ever discover a way to reach them now that McColo is out of commission.

Microsoft could have taken a bigger bite out of spam had it targeted another botnet called Xarvester, said Joe Stewart, a botnet researcher with security vendor SecureWorks.

Still, he applauded Microsoft's move to clean up the Srizbi-infected computers. "It's good to get them cleaned up, but it's not going to have the impact that it had on Storm."
