Microsoft Malware Protection Center

Threat Research & Response Blog

  • MSRT July 2015: Crowti

    In our ongoing effort to provide malware protection, we are adding the following detections to the Microsoft Malicious Software Removal Tool (MSRT) this month: Win32/Crowti Win32/Reveton Crowti, a file encryption threat, is one of the top prevalent ransomware families. We have recently seen it sent as a spam email attachment with formats similar to those shown below: Figure 1: Email spam samples delivering Crowti as an attachment As well as using spam emails as the entry...
  • Understanding type confusion vulnerabilities: CVE-2015-0336

    In March 2014, we observed a patched Adobe Flash vulnerability (CVE-2015-0336) being exploited in the wild. Adobe released the patch on March 12, 2014, and exploit code using this vulnerability first appeared about a week later. To help stay protected: Keep your Microsoft security software, such as Windows Defender for Windows 8.1, up-to-date. Keep your third-party software, such as Adobe Flash Player, up-to-date. Be cautious when browsing potentially malicious or compromised...
  • MSRT June 2015: BrobanDel

    Providing further protections for our customers, this month we added three new malware families and two variants to the Microsoft Malicious Software Removal Tool (MSRT): Win32/Bagopos Win32/BrobanDel Win32/Gatak PWS:Win32/OnLineGames.AH PWS:Win32/OnLineGames.MV Gatak is a family of information-stealing malware that collects sensitive information and sends it to a remote attacker, if a system is compromised. Bagopos is another information-stealing malware family that...
  • Windows 10 to offer application developers new malware defenses

    Application developers can now actively participate in malware defense - in a new way to help protect customers from dynamic script-based malware and non-traditional avenues of cyberattack. Microsoft is making that possible through the Antimalware Scan Interface (AMSI) - a generic interface standard that allows applications and services to integrate with any antimalware product present on a machine. AMSI is currently available through the Windows 10 Technical Preview, and will be fully available...
  • Detection changes: search protection code

    In late 2014 we announced changes to our evaluation criteria regarding the way we detect programs that have search protection functionality. Microsoft security products will detect programs with browser search protection functionality from June 1, 2015. Non-compliant programs that exhibit such functionality will be detected by our software signatures that look for browser search protection code. Any program using code that can potentially perform search protection may be detected, regardless...
  • Cleaning up misleading advertisements

    The Microsoft Malware Protection Center is committed to protecting our customers and their Windows experience. We use our evaluation criteria to determine if a program should be detected by our security products. As the software ecosystem evolves, so does our evaluation criteria. We are currently updating our evaluation criteria to address new technology changes, industry trends, customer feedback, and our desire to help better protect our customers. We are working with the industry and our partners...
  • Social engineering tricks open the door to macro-malware attacks - how can we close it?

    The macro malware-laden documents that target email users through email spam are intentionally crafted to pique any person's curiosity. With subjects that include sales invoices, federal tax payments, courier notifications, resumes, and donation confirmations, users can be easily tricked to read the email and open the attachment without thinking twice. The user opens the document, enables the macro, thinking that the document needs it to function properly – unknowingly enabling the macro...
  • MSRT April: Unskal, Saluchtra, Dexter and IeEnablerCby

    This month we added four new malware families to the Malicious Software Removal Tool: Win32/Saluchtra, Win32/Dexter, Win32/Unskal and Win32/IeEnablerCby, further protecting customers against malicious activity. IeEnablerCby is an unwanted software family that can install browser add-ons or extensions without asking for your permission. The other three malware families also have similar information stealing capabilities, if a system is compromised. This blog will focus on Unskal, a point-of...
  • Bioazih RAT: How clean-file metadata can help keep you safe

    As mentioned in our previous blog post about the Microsoft Clean-File Metadata initiative, there are a number of benefits for our partners and customers who use our clean or released-file metadata, specifically during antimalware whitelisting efforts. Using the authoritative metadata manifest of Microsoft-released files that are found in our clean-file metadata feed can help reduce antimalware resources spent flagging known bad files by eliminating already known good files. It can also help our...
  • Microsoft partners with Interpol, industry to disrupt global malware attack affecting more than 770,000 PCs in past six months

    'Simda.AT' designed to divert Internet traffic to disseminate other types of malware. Today Interpol and the Dutch National High Tech Crime Unit (DNHTCU) announced the disruption of Simda.AT, a significant malware threat affecting more than 770,000 computers in over 190 countries. The Simda.AT variant first appeared in 2012. It is a widely distributed malware that causes significant damage to users through the manipulation of internet traffic and spread of other malware. Interpol coordinated...