Microsoft Malware Protection Center

Threat Research & Response Blog

October, 2008

  • The Cost of Free $oftware

    Today we stumbled upon an interesting file. The file in question, "wrar380CorporateEdition.exe" (md5: f054f5a1bcb79098916c80b28e4f2bec), appears to be the install kit for the WinRAR archiver. Upon closer inspection, it is actually a self-extracting cab installer containing 2 files: "wrar380.Regged.exe" and "Setup_ver1.1808.0.exe". When the installer is run, both files execute. While the file "wrar380.Regged.exe" is actually WinRAR, the other file is actually... malware. A closer look at "Setup_ver1...
  • Rogue Antivirus - A Closer Look at Win32/Antivirusxp

    Fake (or rogue) security applications have been a cause of confusion and problems for users for some years. These applications generally display fake warnings and malware detections in order to entice users to buy the application and thus ‘disinfect’ their system. Over time, the mechanisms used to avoid detection and distribute these applications have become more complex - code obfuscation is now common, and botnets are utilized for widespread distribution. Win32/Antivirusxp is one of these rogues...