Channel: Microsoft Malware Protection Center
Browsing all 446 articles

MSRT April ‘11: Win32/Afcore

This month, the MSRT team added the Win32/Afcore family of trojans to its detections. This malware is also known as Coreflood. It has evolved over time, first breaking onto the scene in 2003. At the...

Doctor Who calling–on Skype, with malware

Earlier this week, I received a phone call via Skype on my laptop, the caller’s ID was “dralerthelpzc8” as in Dr Alert Help ZC8. The voice on the other end was automated, computerized and otherwise...

Scam emails - the cost of response

Recently, I received an email in my personal inbox with a subject line “MYSTERY SHOPPER ASSISTANT“ (the message did not filter to my junk folder and was not marked as spam). Image 1 – “Mystery shopper...

A Second MSRT Release in April

In continuation of our support for the takedown activities on the Win32/Afcore botnet, we are releasing a second edition of MSRT in April. This edition includes variants of Afcore released by the...

Slick links linked to slinky Winwebsec

I received a spam email from a friend lately after which I immediately notified him of a potential malware infection. He insisted his technician had taken care of the infection once and for all....

Keeping an eye on the heap

The Windows heap memory is a rich source of anti-debugging techniques. It can be altered in numerous ways to achieve interesting effects, such as the execution of arbitrary code in particular...

Little Red Ramnit: My, what big eyes you have, Grandma!

This month's addition to MSRT is Win32/Ramnit. Having been discovered in April 2010, the family is relatively new, however, the authors of Ramnit seem to have a preference for using an older generation...

New Security Intelligence Report Released

Since 2006, we have released ten volumes of the Security Intelligence Report, providing customers with unparalleled insight into the software threat landscape and guidance to better protect themselves....

Presenting... the Microsoft Safety Scanner

We have just released a new tool called Microsoft Safety Scanner to help you diagnose if your computer is infected and clean it if possible. It is available from www.microsoft.com/security/scanner....

Dissecting Phish in SIRv10

One of the most striking statistics in our recent Security Intelligence Report (SIRv10) is the change in social network phishing (attacks focused on impersonating a social networking site in an attempt...

Ambler trojan tries to darken your day

There's been talk of a new threat called "Sunspot", which we detect as Win32/Ambler.A (click to read more in our encyclopedia). Like several others in the AV industry, we feel that this threat is not...

Win32/Alureon brings back old school virus techniques, enhanced

In 1999, a new virus, Win32/Crypto, was discovered. It was using brute-force attacks against its encryption key to decrypt its body. Today, in 2011, variants of Win32/Alureon are bringing this...

Winwebsec gang responsible for FakeMacdef?

We've noticed a few odd rogue security software applications recently—although this type of threat is nothing new, these samples are interesting because they target the Mac OS X operating system....

Dead code walking

Recently I had a moment to review a group of PDF exploit files. Many exploits use various tricks to obfuscate embedded JavaScript. I thought I could de-obfuscate the samples by throwing them into a...

Microsoft Safety Scanner detects exploits du jour

We recently updated the Microsoft Safety Scanner - a just-in-time, free cleanup tool. The new version adds support for 64-bit Windows systems and also allows for the download of the tool to run in...

MMPC Threat Report: Cracking open Qakbot

Today, we’re releasing a Microsoft Malware Protection Center Threat Report on Qakbot as a follow-up to the recently-released Microsoft SIRv10 and our special report on Battling Botnets in late 2010....

When spear phishers target security researchers

Every now and then a would-be criminal online picks the wrong potential victim. I was recently selling a 1995 Ford Escort on the site Craigslist.com and had a number of interested buyers. One such...

Fake Canadian pharma site causing headaches

I awoke the other day to a friend calling me and exclaiming into the phone: “My Yahoo email account was hacked !!!” He had been angrily accused by others in his contact list of sending spam messages...

May MSRT by the numbers

In May, we added Win32/Ramnit to the Microsoft Removal Tool (MSRT) detection capability, as my colleague Scott Molenkamp blogged. As of May 20th, MSRT disinfected 52,549 computers from the...

Autorun-abusing malware (Where are they now?)

On Feb. 8, Microsoft started releasing updates for the Windows XP and Vista platforms to make the Autorun feature more locked-down on those older platforms by preventing AutoPlay from being enabled...
