Clik here to view.
MSRT August - Lecpetex
This month we added Win32/Lecpetex to the Microsoft Malicious Software Removal Tool (MSRT).The addition will assist with the detection and clean-up of this family following the recent Facebook...
View ArticleClik here to view.
FireEye and Fox-IT tool can help recover Crilock-encrypted files
Since file-encryption ransomware Crilock (also called CryptoLocker) has reared its head, the security industry has been hard at work finding ways to mitigate and neutralize these threats. We've also...
View ArticleClik here to view.
The fall of rogue antivirus software brings new methods to light
Rogue antivirus software has been a part of the malware ecosystem for many years now – Win32/SpySheriff and Win32/FakeRean date all the way back to 2007. These rogues, and the many that have followed...
View ArticleClik here to view.
USB firmware: An upcoming threat for home and enterprise users
Every year, thousands of hackers and security researchers from around the world descend on Las Vegas to attend the annual Black Hat security conference. The conference boasts top notch security...
View ArticleClik here to view.
MSRT September 2014 - Zemot
This month we added the Win32/Zemot family to the Malicious Software Removal Tool.The Zemot family of trojan downloaders are frequently used by malware with a number of different payloads. We started...
View ArticleClik here to view.
Download at your own risk: Bitcoin miners bundled with game repacks
Recently we have seen an emerging trend among malware distributors - Bitcoin miners being integrated into installers of game repacks.This type of system hijacking is just one of the many ways to...
View ArticleClik here to view.
Microsoft cloud protection
Microsoft is using cloud protection to help keep our customers safe. In fact, nearly any detection made by Microsoft security products could be the result of cloud protection. Software developers...
View ArticleClik here to view.
MSRT October 2014 – Hikiti
The October release of the Malicious Software Removal Tool (MSRT) is directly related to a Coordinated Malware Eradication (CME) initiative led by Novetta and with the help of many other security...
View ArticleClik here to view.
Close means close: New adware detection criteria
In April we introduced the rules that software developers should follow when creating advertisements to avoid being detected by Microsoft security products as adware. These rules are designed to keep...
View ArticleClik here to view.
Staying in control of your browser: New detection changes
This week we made some important changes to how we detect browser modifiers and adware. These changes are designed to better protect your browsing experience.We have already blogged about the changes...
View ArticleClik here to view.
Novetta leads first coordinated malware eradication campaign
Earlier this month, Novetta took their initial public action in the first Coordinated Malware Eradication (CME) campaign against Win32/Hikiti and its associated threats.Today, Novetta released a...
View ArticleClik here to view.
The dangers of opening suspicious emails: Crowti ransomware
The Microsoft Malware Protection Center (MMPC) has seen a spike in number of detections for threats in the Win32/Crowti ransomware this month as the result of new malware campaigns. Crowti is a family...
View ArticleClik here to view.
Cracking the CVE-2014-0569 nutshell
The Microsoft Malware Protection Center (MMPC) has recently seen an exploit targeting the Adobe Flash Player vulnerability CVE-2014-0569. This exploit is being integrated into the Fiesta exploit...
View ArticleClik here to view.
MSRT November 2014 – Tofsee
This month we added the Win32/Tofsee and Win32/Zoxpng malware families to the Malicious Software Removal Tool.Zoxpng is a backdoor component that can execute remote commands from a malicious hacker. It...
View ArticleClik here to view.
Expired antimalware software is nearly as unsafe as having no protection at all
Analyzing data to find the root cause of infections has been a long-standing focus of the MMPC. One area we've been investigating is the correlation between endpoint protection and infection rates....
View ArticleClik here to view.
An inside look: gathering and analyzing the SIR data
At the Microsoft Malware Protection Center, threat data is a critical source of information to help protect our customers. We use it to understand what’s going on in the overall malware ecosystem,...
View ArticleClik here to view.
An interesting case of the CVE-2014-8439 exploit
We have recently seen an exploit targeting the Adobe Flash Player vulnerability CVE-2014-8439 (we detect it as Exploit:SWF/Axpergle). This exploit is being integrated into multiple exploit kits,...
View ArticleClik here to view.
MSRT December 2014
This month is our final release of the Malicious Software Removal Tool (MSRT) for 2014.Although we didn’t add any new malware families, we updated the tool with the latest detection and remediation...
View ArticleClik here to view.
A timeline of consent and control
In October we announced some changes to our BrowserModifier detection criteria. These changes were designed to keep a user in charge of their web browsers through consent and control. Since the changes...
View ArticleClik here to view.
Wire transfer spam spreads Upatre
The Microsoft Malware Protection Center (MMPC) is currently monitoring a spam email campaign that is using a wire transfer claim to spread Trojan:Win32/Upatre.It is important to note that customers...
View Article
