Protection metrics – November results

In our October results, we talked about a trio of families related to Win32/Sefnit. Our November results showed progress against Sefnit and the installers and downloaders of Sefnit (Win32/Rotbrow and Win32/Brantall). In comparison to September, active Sefnit infections have been reduced by 82 percent. As with prior months, our rate of incorrect detections also remained low and performance stayed consistent.

(If you want a refresh on the definition of the metrics we use in our monthly results, see our initial post: Our protection metrics – September results.)

For Rotbrow (which, by the way, was also added to the MSRT in December), we saw half the number of active infections in November in comparison to the previous month. Active Brantall infections were reduced by about a fifth, month over month.

A relatively new family, Win32/Wysotot, was added to our realtime protection products at the end of October and impacted 0.002 percent of our customer base in November. It had a moderate impact (although much smaller in comparison to the Sefnit trio) and went into decline later in the month. Wysotot is typically installed on your computer through software bundlers that advertise free software or games. It redirects you to another website when you open certain browsers through a shortcut file. It can also download other software, run and kill processes on your computer, and send the status of your security software to a command and control (C&C) server.

The VBS/Jenxcus family had a similar impact but, contrary to Wysotot, hasn't declined. This worm uses shortcut links to propagate, but is also often downloaded online or through torrents. It can also spread through removable drives, so if your computer is infected with Jenxcus, make sure you also scan any removable drives you've used recently with an antivirus product. More on Jenxcus next month.

Also, considering the recent action against the Sirefef family, we will have a few interesting trends to report next month. Stay tuned for that update in the new year.

In the meantime, make sure your antivirus solution is up to date. If you're running Windows 8, Windows Defender helps protect you against malware; if you're running Windows 7 and earlier, you can install Microsoft Security Essentials.

Holly Stewart

MMPC
