Microsoft takes on Srizbi
Written by Dan Blacharski on February 17, 2009
In the Microsoft Malware Protection Center blog, Vincent Tiu wrote that Microsoft is taking on the notorious Srizbi malware, a group of malware consisting of Trojan droppers and rootkits that spread through spam emails containing malicious download links.
Designed as what Tiu calls a “spam-for-hire” operation, Srizbi is used by its creators to organize a botnet that sends spam for their customers. The malware, according to the blog, “hooks low-level operating system APIs to protect its registry and file components from being seen and accessed to hide its presence and prevent disinfection.” Once infected, a computer is “zombified” and becomes part of the Srizbi botnet.
The Malicious Software Removal Tool (MSRT), which comes with the Windows operating system, will be able to detect and eliminate Srizbi, one of the most notorious botnets on the Web. With MSRT running on millions of computers, the botnet could conceivably take a big hit as a result, similar to what happened when Microsoft included detection for the Storm worm and eliminated 91,000 infections of it overnight.
Srizbi had been knocked down a peg recently when the McColo ISP was put out of business, and the botnet is decidedly smaller today, but there are still an enormous number of infected PCs out there. The latest move by Microsoft could very well put Srizbi out of its misery for good.




