CVE-2010-3971, Not Quite the Weekend Warrior
Today, the MSRC is releasing an update to address an Internet Explorer 0-day vulnerability (CVE-2010-3971), originally posted by a researcher to Full Disclosure in early Dec. Since the public...
Another round of bots for MSRT
This month we add another bot to the MSRT family list – Win32/Cycbot. Cycbot was discovered in August 2010 and has quickly become prevalent. It seems that Cycbot’s creators called it “Gbot”, as it used...
Battling the Zbot Threat (with MSRT)
Hello Internet! As you may recall, last October we updated MSRT to include the well-known malware Zbot (aka Zeus), one of the more prolific bots we see in the wild today. Today, we released a...
The Streets of San Francisco
February 14 is right around the corner and that can mean only one thing: it's time for the RSA conference in San Francisco. This year, Scott Charney, Corporate Vice President of Trustworthy Computing,...
SMS Mobile Malware Feelin’ the Love
Thinking of sending an MMS message to a loved one? Think twice before downloading mobile applications that promise just that. With all the hoopla that this love month already has going on, obviously...
My Sweet Valentine - the CIFS Browser Protocol Heap Corruption Vulnerability
On Valentine's Day, an anonymous researcher announced a previously undisclosed SMB (Server Message Block) vulnerability affecting the CIFS (Common Internet File System) browser service. Along with the...
Identity Theft Affects Virus Writers, Too
Lots of people have web-based e-mail addresses, such as Hotmail, Live, or Gmail. Some of these addresses are used as "throw away" accounts, and abandoned once they are no longer needed. Others are...
Embedded JavaScript in SWF
In a blog published in November titled “Explore the CVE-2010-3654 matryoshka“, we discussed a 0-day Shockwave (SWF) exploit that uses JavaScript to do malicious actions. In this blog, we discuss...
MSRT March'11 featuring Win32/Renocide
This month we are releasing another instalment of our Malicious Software Removal Tool (MSRT), which now includes Win32/Renocide detection and cleaning capabilities. Win32/Renocide is a family of worms...
Win32/Renocide, the aftermath
On March 8th, we announced the release of our latest Malicious Software Removal Tool (MSRT), a version that included detection and cleaning capabilities for a backdoor-enabled worm we are calling...
A Technical Analysis on the CVE-2011-0609 Adobe Flash Player Vulnerability
On March 14, Adobe released a security advisory (APSA11-01) warning of 0-day attacks affecting Adobe Flash Player (versions earlier than and including 10.2.152.33). These attacks were hidden inside...
Operation b107 - Rustock Botnet Takedown
Just over one year ago, Microsoft, with industry and academic partners, utilized a novel combination of legal and technical actions to take control of the Win32/Waledac botnet as the first action in...
How to defang the Fake Defragmenter
We have been tracking the trail of this fake "System Defragmenter" software since its first appearance in October 2010, and have warned our customers in our earlier post about this trojan software. In...
Greetings from sunny Barcelona
This year's Black Hat Europe Conference 2011, with Microsoft as one of the sponsors, was held in Barcelona, Spain. The first briefings were held March 17th, when speakers began to present various...
Building Reputation with Microsoft Security Essentials
Internet Explorer 9 includes a great new application reputation feature driven by SmartScreen. As described in this Building Reputation blog post by Ryan Colvin, SmartScreen uses file hashes and...
Very bad news, with more bad news embedded
Malware writers never miss the chance to take advantage of big world events, no matter how tragic. The recent Japanese nuclear incident, caused by the devastating earthquakes, is their target this...
Trojan downloader Chepvil on the UPSwing
A new spam campaign using UPS (United Parcel Service) as a social-engineering draw was initiated this week. The spammed message contains an attachment, detected as TrojanDownloader:Win32/Chepvil.I....
Are you using the right "System Tool"?
Recently, we have been seeing a lot of the Winwebsec rogue branded as "System Tool". Winwebsec authors have been using this brand since last year, but lately these have been seen using more aggressive...
Give me your credit!
We recently examined a sample, detected as Program:Win32/Pameseg.P (SHA1: 089e7ec8ee2ca4be0fff079e39ef26110a8de78e), that appears to be a new version of "LoviVkontakte", an application for the Russian...
Analysis of the CVE-2011-0611 Adobe Flash Player vulnerability exploitation
About a month ago, we blogged about an Adobe Flash Player vulnerability (CVE-2011-0609) that was actively exploited in the wild. That exploit was hidden inside a Microsoft Excel document. Over the...