Microsoft eradicates password stealers from more than two million computers

Posted by Humphrey Cheung

Redmond (WA) – A Microsoft automatic update has eradicated password-stealing programs from more than two million computers. Writing on the TechNet blog, Matt McCormack says the company’s Malicious Software Removal Tool detected and erased Trojan horse programs designed to steal passwords from popular online games like World of Warcraft, Valve’s Steam Client and Lineage Online. Back on June 10, Microsoft sent an automatic update that upgraded the tool to fight the password stealers, and 700,000 machines were restored in just the first day.

Several malicious programs were wiped out, but most belong to the Win32/Taterf family, which is actually a mutation of an earlier password-stealing program. According to Microsoft data, China, Taiwan and Spain had the most infected machines. The software tool removed the Trojans from more than 500,000 machines in China alone. Approximately 213,000 machines were cleaned in the United States.

“These are ridiculous numbers of infections my friends, absolutely mind-boggling; many, many whelps,” said McCormack.

The high infection rate in China and Taiwan is probably due to the prevalence of illegal software and the lack of decent anti-virus software. In addition, Lineage and other online games enjoy a huge following in Asia, but are relatively unknown in the United States. McCormack believes many of the Trojans are transferred via infected USB drives or network shares. LAN parties and the prevalence of Internet cafes in Asia may have something to do with this.

McCormack explains that the password-stealing Trojans transfer game logins to a central repository, and hackers then try to sell the information to the highest bidder. Criminals then log into the accounts and steal all of the virtual gold and equipment. The accounts can also be used to funnel gold to other players.

You can read McCormack's TechNet blog entry here.