Channel: Microsoft Malware Protection Center
Browsing all 446 articles

MSRT August '11: FakeSysdef

This month's Malicious Software Removal Tool (MSRT) includes Win32/FakeSysdef - one of the most prevalent trojans affecting our support groups over the past few months. We've discussed this threat in...

Can we believe our eyes?

Several days ago, one of our customers submitted a sample (SHA1: fbe71968d4c5399c2906b56d9feadf19a35beb97, detected as TrojanDropper:Win32/Vundo.L). This trojan hijacks the hosts “vk.com” and...

Keeping malware away - how do some countries do it?

Our friend Tim Rains over at Trustworthy Computing (TwC) has just concluded a six-part series in which he took a closer look at the threat landscape in locations that have the lowest infection rates in...

New worm targeting weak passwords on Remote Desktop connections (port 3389)

We've had reports of a new worm in the wild that generates increased RDP traffic for our users on port 3389. Although the overall numbers of computers reporting detections are low in comparison to...

More on Morto

As some of you might be aware, we've recently been seeing low levels of reports of Win32/Morto - a worm that causes headaches for users who may have less than ideal password policies - so we thought...

Win32/AdsLock – advertising content locking tool turned ransomware

It is clear that breaking search engine rules and exploiting functionality to drive traffic and monetize content is a lucrative and extremely viable business for unethical or so called "blackhat"...

Bamm Bamm, Rubble.

The family selected for addition to MSRT this month is Win32/Bamital. Win32/Bamital was first discovered in September 2009 and was able to intercept and modify queries performed by search engines such...

Doing the Zbot spot; playing gotcha with a botnet

Greetings Internet! This month (carefully hidden under the Win32/Bamital blanket), employing the old adage 'fight fire with fire', we decided to fight sneakiness with sneakiness and quietly slipped a...

Banker – the other way around

There are many techniques used by malware in the banker family to steal users' authentication credentials for online banking sites. We came across an interesting sample recently, detected as...

Rustock Case Update

Today, Microsoft's Digital Crimes Unit announced that we have concluded our civil case against the Rustock botnet operators and turned evidence found during that investigation over to the FBI as a...

A tale of grannies, Chinese herbs, Tom Cruise, Alureon and steganography

I've been monitoring the development of a particular strain of Alureon since the start of August this year. The installer (detected as Trojan:Win32/Alureon.FE -...

Operation b79 (Kelihos) and Additional MSRT September Release

For the month of September, Microsoft is adding the Win32/Kelihos family to a second release of the Malicious Software Removal Tool. This additional release is to support the most recent action in...

Online game trading - sometimes more than you bargained for

Some online games offer features for the game players to sell their game items online. In such situations, it is highly likely some sellers may send the potential buyers a screenshot of their items for...

New: Microsoft Security Intelligence Report Volume 11 - Now Available

Hi, again everyone! Today we released the 11th volume of the Microsoft Security Intelligence Report, also known as SIRv11. I have to say once again we’ve outdone ourselves and launched the largest...

MSRT October '11: EyeStye

This month, the Malicious Software Removal Tool (MSRT) targets two families: Win32/EyeStye and Win32/Poison. EyeStye (aka 'SpyEye') is a family of trojans that steals information, targeting...

SIRv11: Putting Vulnerability Exploitation into Context

As Vinny Gullotto, our GM, blogged earlier in the week, the 11th edition of the Security Intelligence Report (SIRv11) has been released. One of the new areas of research in this release is a study of...

Mobile threats on the desktop

The MMPC has been routinely monitoring threats (via the desktop) that affect different mobile platforms such as Symbian, Java ME, Android, RIM, iOS and Windows Mobile. One of the increasingly common...

There’s more than one way to skin an orange…

When it comes to attacking a system, and compromising its data and/or resources, there are several different methods that an attacker can choose. One of the more effective ways to make a successful...

Get gamed and rue the day...

As we discussed last week, socially engineered threats are specially crafted threats designed to lure the eye and trick the mind - they look legitimate or benign, and in worst case, may take advantage...

Update on the Zbot spot!

Hello Internet! I'm back to update you on our changes to Zbot in the Malicious Software Removal Tool (MSRT). We reviewed the data coming back from MSRT in September and incorporated the findings into...
