Microsoft Battles the Storm Worm

(((Sounds like rather mixed results.)))

http://blogs.technet.com/antimalware/archive/2007/09/20/storm-drain.aspx

Link: Anti-Malware Engineering Team : Storm Drain.

Storm Drain

"Over the past few months, there has been talk about a wave of malware known commonly as “Storm”. “Storm” has been noted to be responsible for Distributed Denial of Service (DDoS) attacks, mass phishing emails, spam, botnets, and all sorts of online malicious activity.

"While the name “Storm” was adopted by press, security companies had already adopted a myriad of names for the set of malware that encompasses this attack. Here at Microsoft, we refer to certain components as Win32/Nuwar and others as Win32/Tibs. Other names such as Zhelatin and shorter names associated with brief attacks have also been used, such as e-card or nfltracker. As I noted, there are many different components, each with its own specialized functionality, so over time, many names have been used. (((How about simply calling it "Storm" and getting it over with? Do we need specialized teensy-tiny terms for every separate aspect of Microsoft malware?)))

"In August, Microsoft’s Malware Protection Center (MMPC), the group of researchers responsible for each month’s additions to the Malicious Software Removal Tool (MSRT), decided to add this family to the September MSRT release based on its prevalence. The MSRT updates are released monthly in conjunction with Microsoft’s security software updates, and are free to the public in an effort to remove prevalent malware from the Windows eco-system and improve everyone’s ability to enjoy the Internet. With more than 350 million machines around the world that run this program, it requires great care and planning to release each new version.

"After much work and testing, we made this month’s MSRT available for download September 11, and now after one week, we would like to share some of the statistics with you.

"But before I do, the researcher in me requires that I give you the caveats. First, MSRT is targeted against very specific known malware. It is well known that the “Storm” attacks are engineered by criminals who update their malware frequently. As a result, we are in an endless chase. (((Uh-oh.)))

"But that doesn’t mean we shouldn’t try to make things better. Also, once we decide to take on a family in the MSRT, we continue the assault on that family moving forward, so we will keep at it. Because of all the testing that has to be done, we have to freeze our signature additions weeks in advance to make sure we have ample time to do the testing required to release a product as error free as possible (since even a small percentage of errors will impact thousands or millions of people).

"Finally, to the numbers (numbers as of 2PM Tuesday, PDT).

"The Renos family of malware has been removed from 668,362 distinct machines. The Zlob family has been removed from 664,258 machines. And the Nuwar family has been removed from 274,372 machines. In total, malware has been removed by this month’s MSRT from 2,574,586 machines...."

(((Okay okay, so how many Windows machines are there in all of the Zhelatin botnet?)))

"The September release of the MSRT probably cleaned up approximately one hundred thousand machines from the active “Storm” botnet. Such numbers might project that the strength of that botnet possibly stood at almost half a million machines with an additional few hundred thousand infected machines that the “Storm” botnet perhaps was not actively incorporating. (((Half a million – a pretty far cry from the theoretical worst-case scenario of fifty million – wait a minute – "Might project"? Anybody can "might project" a number.)))

"Unfortunately, “the virus you are most likely to be infected with is the one that you most recently cleaned” because people with a habit of doing something are likely to repeat whatever they did. Despite so many machines having been cleaned recently by MSRT, the “Storm” botnet will slowly regain its strength...."

(((I dunno about you, but this is sure giving me a warm, cozy, fully-secured feeling.)))