MSRT April ‘11: Win32/Afcore
This month, the MSRT team added the Win32/Afcore family of trojans to its detections. This malware is also known as Coreflood. It has evolved over time, first breaking onto the scene in 2003. At the...
Doctor Who calling–on Skype, with malware
Earlier this week, I received a phone call via Skype on my laptop; the caller’s ID was “dralerthelpzc8” as in Dr Alert Help ZC8. The voice on the other end was automated, computerized and otherwise...
Scam emails - the cost of response
Recently, I received an email in my personal inbox with a subject line “MYSTERY SHOPPER ASSISTANT” (the message did not filter to my junk folder and was not marked as spam). Image 1 – “Mystery shopper...
A Second MSRT Release in April
In continuation of our support for the takedown activities on the Win32/Afcore botnet, we are releasing a second edition of MSRT in April. This edition includes variants of Afcore released by the...
Slick links linked to slinky Winwebsec
I received a spam email from a friend lately after which I immediately notified him of a potential malware infection. He insisted his technician had taken care of the infection once and for all....
Keeping an eye on the heap
The Windows heap memory is a rich source of anti-debugging techniques. It can be altered in numerous ways to achieve interesting effects, such as the execution of arbitrary code in particular...
Little Red Ramnit: My, what big eyes you have, Grandma!
This month's addition to MSRT is Win32/Ramnit. Having been discovered in April 2010, the family is relatively new; however, the authors of Ramnit seem to have a preference for using an older generation...
New Security Intelligence Report Released
Since 2006, we have released ten volumes of the Security Intelligence Report, providing customers with unparalleled insight into the software threat landscape and guidance to better protect themselves....
Presenting... the Microsoft Safety Scanner
We have just released a new tool called Microsoft Safety Scanner to help you diagnose if your computer is infected and clean it if possible. It is available from www.microsoft.com/security/scanner....
Dissecting Phish in SIRv10
One of the most striking statistics in our recent Security Intelligence Report (SIRv10) is the change in social network phishing (attacks focused on impersonating a social networking site in an attempt...
Ambler trojan tries to darken your day
There's been talk of a new threat called "Sunspot", which we detect as Win32/Ambler.A (click to read more in our encyclopedia). Like several others in the AV industry, we feel that this threat is not...
Win32/Alureon brings back old school virus techniques, enhanced
In 1999, a new virus, Win32/Crypto, was discovered. It was using brute-force attacks against its encryption key to decrypt its body. Today, in 2011, variants of Win32/Alureon are bringing this...
Winwebsec gang responsible for FakeMacdef?
We've noticed a few odd rogue security software applications recently—although this type of threat is nothing new, these samples are interesting because they target the Mac OS X operating system....
Dead code walking
Recently I had a moment to review a group of PDF exploit files. Many exploits use various tricks to obfuscate embedded JavaScript. I thought I could de-obfuscate the samples by throwing them into a...
Microsoft Safety Scanner detects exploits du jour
We recently updated the Microsoft Safety Scanner - a just-in-time, free cleanup tool. The new version adds support for 64-bit Windows systems and also allows for the download of the tool to run in...
MMPC Threat Report: Cracking open Qakbot
Today, we’re releasing a Microsoft Malware Protection Center Threat Report on Qakbot as a follow-up to the recently-released Microsoft SIRv10 and our special report on Battling Botnets in late 2010....
When spear phishers target security researchers
Every now and then a would-be criminal online picks the wrong potential victim. I was recently selling a 1995 Ford Escort on the site Craigslist.com and had a number of interested buyers. One such...
Fake Canadian pharma site causing headaches
I awoke the other day to a friend calling me and exclaiming into the phone: “My Yahoo email account was hacked !!!” He had been angrily accused by others in his contact list of sending spam messages...
May MSRT by the numbers
In May, we added Win32/Ramnit to the Microsoft Removal Tool (MSRT) detection capability, as my colleague Scott Molenkamp blogged. As of May 20th, MSRT disinfected 52,549 computers from the...
Autorun-abusing malware (Where are they now?)
On Feb. 8, Microsoft started releasing updates for the Windows XP and Vista platforms to make the Autorun feature more locked-down on those older platforms by preventing AutoPlay from being enabled...