Clik here to view.
Poison and EyeStye, by the numbers
The latest MSRT release included coverage for two more malware families, one being Win32/EyeStye, which we discussed earlier this month, and the other being Win32/Poison. In tandem with our efforts to...
View ArticleClik here to view.
MSRT November '11: Carberp
We included three threat families in the November edition of the Microsoft Malicious Software Removal Tool - Win32/Carberp, Win32/Cridex and Win32/Dofoil. In this post, we discuss Win32/Carberp. The...
View ArticleClik here to view.
MSRT Nov' 11: Cridex - the hex of Skidlo
Earlier, we discussed Win32/Carberp, a malware family included in the November release of the Malicious Software Removal Tool. In this post, we discuss another included malware, Win32/Cridex....
View ArticleClik here to view.
Easy Money: Program:Win32/Pameseg (part one)
Nowadays many people believe in the opportunity to achieve great wealth without much effort, not leaving the house, not interrupting their favorite computer games, forums, social networking and so on....
View ArticleClik here to view.
Keep your Facebook friends close and your antivirus closer
Facebook malware attacks are not new. Scams spreading via status updates have been around for a long time, but in recent weeks one threat has been getting creative in terms of social engineering....
View ArticleClik here to view.
Microsoft Security Essentials beta registration opens
Today we announce that the Beta for the next version of Microsoft Security Essentials is open for registration. Do you want to try out our latest innovations in protection and performance? Are you...
View ArticleClik here to view.
Easy Money: Program:Win32/Pameseg (part 2)
In the previous post, we gave an introduction to how file partnership programs work and how they make money off unsuspecting users by charging them for installing software that is actually free. In...
View ArticleClik here to view.
MSRT November: Dofoil
As previously noted, one of the three families added to the November release of the Microsoft Malicious Software Removal Tool is Win32/Dofoil. TrojanDownloader:Win32/Dofoil is a configurable...
View ArticleClik here to view.
Friendly spam carries Zbot
This morning I spotted a few messages from my mobile carrier in my email inbox. This was not surprising as, only a few hours prior, I had logged into the carrier's website to pay the monthly bill....
View ArticleClik here to view.
Backdoor:Win32/Fynloski.A: a short history of abuse
In the quest to compromise users' systems, malware has always employed different and resourceful techniques to achieve its goals. From using social engineering methods, to abusing legitimate software...
View ArticleClik here to view.
MSRT December: Win32/Helompy
The December 2011 edition of the MSRT includes detection and clean-up for the Win32/Helompy Family. Helompy is a worm that propagates by copying itself to the root of removable drives, and its main...
View ArticleClik here to view.
FTC to refund rogue security software victims
The United States Federal Trade Commission announced that it will begin issuing refunds to 300,000 consumers that were victims of several rogue security software scams such as "Winfixer", "Drive...
View ArticleClik here to view.
Disorderly conduct: localized malware impersonates the police
We have recently seen the emergence of several samples of a ransomware family localized into different languages. Malware that relies on localized social engineering tactics has been around for a few...
View ArticleClik here to view.
Are you beta testing malware?
This post is part one of two. Popular games are often used by malware writers as social engineering bait as documented in previous blogs ("Dota Players Own3d" and "Keeping Kerrigan From Infection")....
View ArticleClik here to view.
Are You Beta Testing Malware pt 2: Dissecting Fynloski's Obfuscation
This post is part two of two. In our previous post, we came across a couple of files that used some popular games as part of its social engineering technique. One of the files, which was named...
View ArticleClik here to view.
January '12 MSRT: Win32/Sefnit
The January 2012 edition of the Microsoft Malicious Software Removal Tool (MSRT) includes detection and removal of the Win32/Sefnit family of trojans. This trojan family moderates and redirects web...
View ArticleClik here to view.
Plenty to complain about with faux BBB spam
I was recently having a conversation online in a forum about online reputation and about refuting false claims posted on customer complaint sites. In this particular conversation I was having, the...
View ArticleClik here to view.
Fake Seattle traffic ticket notification leads to malware
Our partners at the City of Seattle sent us a warning today about a phishing campaign which targets users very close to home -- specifically, Seattle Washington. They're seeing spam mail circulating...
View ArticleClik here to view.
A different breed of downloader
In our everyday world, we sometimes make use of thin clients, which don't have a lot of functionality but are easy to maintain, as their functionality is based on data they receive from remote...
View ArticleClik here to view.
Independent social welfare site hacked to serve malware?
We received a submission from one of our customers that downloaded some suspicious files from a certain website. We checked the files, confirmed that they are actually malicious and added detection...
View Article
