Microsoft Malware Protection Center
This month’s Malicious Software Removal Tool (MSRT) release added new detection and cleaning for several malware threats that incorporate the use of the CVE-2010-2568 vulnerability (which was fixed by the MS10-046 security bulletin released in August). This includes the Win32/Stuxnet family and several variants of Win32/Vobfus and W32/Sality.
From a global perspective, the results for these .lnk-related families were interesting. The following chart shows countries with the most saturated infections—that is, for every computer scanned, what percentage had an infection for each family.
Although these families had large numbers of cleanings in places like the US, India, France, Russia, Spain, and Brazil, these locations were not nearly as saturated with the malware (when you look at infections per capita) in comparison to the top regions shown in the chart above. Some regions had smaller numbers of affected computers, but extraordinarily high saturation rates, such as Iran and Indonesia.
Iran and Indonesia have typically had very low CCM rates. (CCM stands for Computers Cleaned per Mille – a count of how many computers were infected for each thousand scanned.) This count is a measure of all malware families, not just a single family. The Stuxnet infections that Iran and Indonesia have incurred over these past few months have been high enough to triple their CCMs. To have a single family increase a country’s typically low malware saturation by a factor of three is very significant.
http://blogs.technet.com/b/mmpc/archive/2010/08/19/one-week-later-broken-lnks-and-msrt-august.aspx
