We’re very excited to announce that Microsoft has teamed up with Facebook to offer Windows users free malware protection with Microsoft Security Essentials. Since May 1st, Facebook users have had the choice of downloading and installing Microsoft...

In June 2009, Microsoft issued security update MS09-027, which fixed a remote code execution vulnerability in the Mac version of Microsoft Office. Despite the availability of the bulletin (and the passage of time), not every machine is up to date yet...

The moment of infection, and the circumstances that lead to the introduction of malware to a system, are often not obvious. This short case study examines our observations and investigations into a particular example that illustrates a fairly typical...

Conficker is one of the most significant threat families facing organizations worldwide today; its initial impact along with its continued obstinacy shows that clearly. In the fourth quarter of 2011 – three years after its initial release –...

'​Eleonore ' is a malware package that contains a collection of exploits used to compromise web pages. When the compromised web pages are viewed via vulnerable systems, the exploit payload is run. Eleonore is purchased by an attacker from an underground...

Computer users around the world are increasingly accustomed to managing their bank accounts, paying their bills and performing other activities online. The use of technology to manage finances has long been a target of attackers, and malware authors continue...

We included three threat families in the April edition of the Microsoft Malicious Software Removal Tool - Win32/Claretore , Win32/Bocinex and Win32/Gamarue . In this post, we discuss Win32/Claretore. The earliest reported variant in this family can...

We have discussed in the past our collaboration with external parties to combat botnet threats to further the betterment of the Internet, such as Operations b49 , b107 and b79 . This week, Microsoft has partnered with security experts and the financial...

Recently at CanSecWest 2012, we presented on the technology we use for analyzing malicious samples and PoC files. As malware often actively attempts to exploit software vulnerabilities these days, understanding the internals of these vulnerabilities is...

In this post, we explore a telemetry spike in Java/OpenConnection and CVE-2011-3544 exploit activity. While reviewing user feedback from the Microsoft Malware Protection Center recently, we noticed an unprecedented amount of feedback on one particular...

Recently we received a few samples that exploit the latest patched JRE (Java Runtime Environment) vulnerability. These samples are kind of unusual to see, but they can be used to develop highly reliable exploits. The malicious Java applet is loaded from...

The last two years have seen an increase in malware which takes control of, and holds hostage an infected machine, locking the user out until a payment of some form can be extorted. This threat type is also known as 'ransomware'. Various tactics have...

In a previous post , we discussed Win32/Dorkbot , one of the major threat families included in the March 2012 release of MSRT. In this post, we discuss the other inclusions, Win32/Hioles , Win32/Pluzoks and Win32/Yeltminky . Win32/Hioles Similar...

This month, the MMPC added Win32/Dorkbot to the Microsoft Malicious Software Removal Tool along with detections for the threats Win32/Hioles , Win32/Pluzoks and Win32/Yeltminky . Win32/Dorkbot is described as an IRC-based botnet and a worm, a backdoor...

The other day, while previewing messages in my inbox, I saw a conspicuous message with the following parameters, typos included: To: (email address) CC: (email address),... Subject: Your ex sent me this pciture of you. Body: Hey (email address), Your...