Today, Microsoft announced plans to release of an out-of-band update to address CVE-2010-2568 (described in Microsoft Knowledge Base Article (2286198) ).  As mentioned earlier this month, the Microsoft Malware Protection Center (MMPC), along with...

"Adun Toridas!" Starcraft fans would recognize that as a famous line from the first Starcraft version, which was released in 1998. Starcraft is a real-time strategy game that became a massive hit worldwide. The release date for its sequel, Starcraft II...

We’ve added detection for two new malware families using the vulnerability described in SA2286198 . The first, Win32/Vobfus, is actually a family of obfuscated worms that has been around since 2009. According to our fellow researcher Marian Radu...

For the past week or so, we've been closely tracking a new family of threats called Stuxnet (a name derived from some of the filename/strings in the malware - mrxcls.sys, mrxnet.sys). In the past few days, it has become a popular topic of discussion amongst...

This month, we added the Bubnix family to the latest Malicious Software Removal Tool (MSRT) release. WinNT/Bubnix is a complicated spam bot which arrives on an affected computer by way of a downloader, TrojanDownloader:Win32/Bubnix.A . TrojanDownloader...

Just a quick post here to provide an update on the attack attempts related to the Help and Support Center vulnerability and to stress the importance of applying the critical update made available today, MS10-042 , which fixes the issue for the two vulnerable...

Often you read about how, during major news events, the bad guys have commandeered the search engines so if you go looking for more information about the news event, you end up at a page that’s serving you some malware nowadays -- usually some kind of...

We've been monitoring for active attacks on the Windows Help and Support Center vulnerability (CVE-2010-1885) since the advisory was released on June 10th. At first, we only saw legitimate researchers testing innocuous proof-of-concepts. Then, early on...

It's been ten years since I first noticed the word "callback" in the Thread Local Storage (TLS) section of the Portable Executable format documentation. Since then, we've seen it used and abused by virus writers, packer vendors, and general mischief-makers...

A recently discovered backdoor sample (detected as Backdoor:Win32/Yonsole.A ) can accept and execute a command from a remote server to modify the Master Boot Record (MBR) on the affected machine. The modification to the MBR is like the old "Stoned" virus...

Almost a year ago, I wrote a blog on promoting the use of telemetry when anti-malware testers compile their set of malware to run tests. I thought it might be time to give people an update. Basically, changing testers’ habits is like the proverbial...

This month we add the rogue security program that we call Win32/Fakeinit to the list of malware families removed by MSRT. David wrote about Fakeinit a few months ago and it hasn't really changed since then. It's still calling itself "Internet Security...

Recently Samsung released a new cell phone, the Wave, with a microSD card infected with malware. The malware itself doesn't run on the phone, but does try to infect your computer. One could speculate that the imaging computer used to manufacture the first...

The FBI announced today federal indictments against those allegedly involved in the distribution of the WinFixer family of malware. WinFixer is a form of software often referred to as “ rogue security software ” or “scareware”...

Last week, I was checking my Facebook account and noticed I had an Event Invitation from a fellow security researcher. Very intriguing. This friend is a world traveler and doesn’t currently reside in the United States, but the Event Invitation was...