Microsoft Reveals Details About “Rotbrow” Malware Infection Rate


Microsoft released its Security Intelligence Report (SIR) this past Wednesday, a document it publishes twice a year. According to news site PC World, the latest edition contains a host of details about the late-2013 malware “Rotbrow” and the drastic increase in the number of computers infected with the malicious program.

PC World quotes Tim Rains, director of Microsoft’s Trustworthy Computing division, as saying that, on average, only 5.8 computers out of 1,000 were infected with malware during the third quarter of 2013. This number spiked to approximately 17 computers out of 1,000 during the fourth quarter – “the largest quarter-to-quarter infection rate increase ever measured by the [Microsoft Malicious Software Removal Tool],” says Microsoft's report – and Microsoft officials largely blame that increase on a trio of programs: Sefnit, Rotbrow, and Brantall.

Most notably, the Rotbrow trojan was reportedly not considered immediately dangerous. Security vendors classified it as a “dropper”, meaning they knew it was capable of downloading and installing additional software onto users' computers. When it was first found in the wild, however, it was not downloading malware, so security products were not flagging it.

Once Microsoft discovered that it was downloading malicious browser extensions, it alerted security companies, which then added the trojan to their blacklists. In its recent SIR, Microsoft reveals that the malware had been around since 2011 but did not cause serious problems until the final quarter of 2013.

Browser Protector

“Rotbrow presented itself as a browser add-on called 'Browser Protector',” the company says in its report.

“Researchers discovered that some versions of the Browser Protector process, called BitGuard.exe, drop an installer for a harmless program called File Scout, and also secretly install Sefnit at the same time,” it continues.

Sefnit, a bot that lets remote attackers use infected computers for click fraud, Bitcoin mining, and search redirection, had existed since 2010 and was used by attackers to make money. In 2013 the program began to behave differently than it had in the past, relaying its HTTP traffic through a proxy service. In December 2013 Microsoft added “Rotbrow” signatures to the MSRT to detect the dropper and curb the spread of Sefnit, which had itself been added to the MSRT signature database in January 2012.

Image courtesy of Adam Caudill via Flickr
