Anti-Malware Engineering Team

This blog provides information about what's happening in the anti-malware technology team at Microsoft. We're the team that builds the core antivirus, antispyware, anti-rootkit, and related technology, which is then used across a number of Microsof

  • Sony DRM Rootkit

    I've been getting a lot of questions in the last week about Microsoft's position on the Sony DRM and rootkit discussions, so I thought I'd share a little info on what we're doing here. We are concerned about any malware and its impact on our customers...
  • When SQL Injections Go Awry, Incident Case Study

    It seems to be the "in-thing" these days - using an automated tool to perform SQL injections against vulnerable sites across multiple domains. Although the attack method isn't new, some sites are hit multiple times, as evident by a corruption...
  • What's in a name?? A lot!! Announcing Windows Defender!

    Every week seems like a big week for us in the engineering team working on our anti-malware technology. However, last week was especially important in a sentimental way. We got the final name for the cool technology our team has been developing for Windows...
  • Storm Drain

    Over the past few months, there has been talk about a wave of malware known commonly as “Storm”. “Storm” has been noted to be responsible for Distributed Denial of Service (DDoS) attacks, mass phishing emails, spam, botnets, and all sorts of online malicious...
  • MBR rootkit: VirTool:WinNT/Sinowal.A report

    This week you may have heard or read about a new rootkit that has been reported in the wild that uses the Master Boot Record (MBR) as its Auto-Start Entry Point (ASEP). The malware is being called VirTool:WinNT/Sinowal.A. First we want to let you know...
  • Hello world

    printf(“hello world\n”); This is Jimmy Kuo of the Microsoft Security Research & Response team (MSRR). (What a wonderful thing to say and see written down.). Recently, there have been some tests that have brought into question the detection...
  • Microsoft acquires Komoku

    Today, Microsoft announced the acquisition of Komoku to add to Forefront and Windows Live OneCare's technological capabilities. I would like to take this opportunity to review the year since my "Hello World" blog post and again provide insight on where...
  • Malware Protection Center Portal v1 Live!

    Hey all, if you recall, back in April we released the PREVIEW version of our new portal affectionately known as the Microsoft Malware Protection Center Portal. Since then we’ve received loads of feedback from customers and partners on what they like about...
  • Oderoor - all it's Kraked up to be?

    Greetings from (sorta) sunny Melbourne, Australia! We’re the newest addition to Microsoft’s Security Research and Response global team. In arbitrary seating order we have: Jakub Kaminski, Scott Molenkamp, Hamish O’Dea, Heather Goudey...
  • Antimalware Team Releases MSRT White Paper

    Hello there. I'm writing to you from the Microsoft TechEd conference in Boston. This event attracts over 10,000 attendees interested in learning about current and future Microsoft products. It's also a great place for getting feedback from our customers...
  • We have moved!

    To ease navigation and be more in synch with our security colleagues within Microsoft, we have moved to a new blog address: http://blogs.technet.com/mmpc We hope you like the new look. Please remember to redirect any links to our new web address.
  • Testing A New Definition Update Publishing Process for Windows Defender

    Hi Folks, Adam here from the antimalware team. I wanted to give you a heads-up that we will be testing a new definition update process in the next two weeks. Definition updates for Windows Defender (Windows Vista and current platforms) will be publishing...
  • A Closer Look at Behavioral Classification

    Hi, my name is Tony Lee. I am a virus researcher on the Microsoft Antimalware team. One of our top priorities is to conduct advanced research to combat malware problems. A significant challenge we have today is the large number of active malware samples...
  • Final release of Windows Defender (Build 1592)

    It brings me great pleasure to announce the final availability of Windows Defender in English. The team has been working hard for over a year and fixed over 400 bugs in the areas of stability and reliability since Windows Defender (Beta 2). We plan to...
  • Security Intelligence Report

    This week at RSA Europe in Nice, France we released a report detailing the security landscape for the first half of 2006. The report lays out details collected through our various antimalware technologies. The report highlights a number of trends such...
  • Virus Bulletin 2006

    A contingent from our antimalware team attended the Virus Bulletin conference in Montreal, Canada two weeks ago, 12 of us in all. Matt Braverman and I were both presenters and I also moderated a panel discussing progress made by the Anti-Spyware Coalition...
  • Continuing to move forward – the Microsoft Malware Protection Center

    Fresh off our visit to Japan, where we discussed issues important to the Microsoft Malware Protection Center, we continue to move forward with our goal of being a premier anti-virus research and response center (R&R). Last week’s news of our new...
  • VB 100 Test Results Are In...

    As I mentioned in my last blog post, our researchers and engineers in the Microsoft Malware Protection Center have been focusing their efforts on protecting customers from current, in the wild threats, and established an undertaking to achieve the next...
  • News on Alcan, Mywife.E

    In Bill Gates' keynote at RSA in February, one of the subjects he spoke on was the ability for Microsoft to have a comprehensive view of the evolving threat landscape using the information and feedback from such tools as Hotmail, Watson, the Windows Malicious...
  • VirusTotal Participation

    Hi, this is Ziv Mador again from the Microsoft Anti-Malware team. This week, the folks over at VirusTotal added the Microsoft anti-malware engine to their service. VirusTotal is a free service that enables users to submit suspicious files to be scanned...
  • Microsoft Security Intelligence Report (January – June 2007) is Now Available

    One of the Microsoft Malware Protection Center’s (MMPC) goals is to share the valuable data, insights and expertise we have with customers on a regular basis in an effort to help customers better understand the changes occurring in the threat landscape...
  • Antispyware Coalition Meeting in Ottawa

    Eric and I attended the Antispyware Coalition Meeting and Workshop last week. It was a good opportunity to meet with many of our peers in the industry as well as a very pleasant trip overall. Ottawa, where the event was held, is a great city and in addition...
  • Sony rootkit signatures now available

    Hi, we are Eric Allred and Ziv Mador, response coordinators for the anti-malware technology team. We have analyzed several versions of the rootkit that have been shipped as part of Sony’s XCP software. We are calling the family WinNT/F4IRootkit. We...
  • Windows Live OneCare is Certified!

    We're certified! This morning, Microsoft issued a press release describing how Windows Live OneCare has acquired multiple certifications for antivirus and firewall from ICSA Labs and West Coast Labs, two of the top labs for antimalware product...
  • My TechEd Summer Vacation

    Hi again, just recently returned from MS TechEd in Orlando, oh it was HOT! It was great to get a chance to meet some customers and partners face to face and discuss what’s happening at a more granular level today in the enterprise. The issues they...