Since the time Microsoft released security update MS08-067 , we have released information about MS08-067 exploits and specifically about the Conficker worm in our malware encyclopedia and in multiple blog posts for example here . This blog provides a summary of the available information Microsoft has provided on the Conficker worm and the vulnerability it exploits, which Microsoft addressed with MS08-067 . First, we outline the various attack vectors because it’s important for customers to understand...

This month’s MSRT release includes signatures for Win32/Banload . This family of malware is known to download and execute variants of both Win32/Bancos and Win32/Banker – which are both malware families of password stealing trojans. Typically, they attempt to capture online banking credentials and other sensitive information. The data gathering is performed by various means, such as key-logging. If any of these three malware families sound familiar, it is probably due to how long each family has...

“Now that Inauguration Day is upon the US, malware authors have a new spate of social engineering tricks up their sleeve.” We've seen Barack Obama's name used by malware authors for malevolent purposes before, during the campaign and leading up to the US Presidential Elections. Now that Inauguration Day is upon the US, malware authors have a new spate of social engineering tricks up their sleeve. They've almost perfectly mimicked the official Obama website, www.barackobama.com , and registered...

Back on Oct. 23, 2008, Microsoft released a critical security update for Windows: MS08-067 . Isolated attacks existed at the time of the bulletin release and in our blog we strongly recommended installing the security update as quickly as possible. Later, a few trojans that exploit this vulnerability were found and a month from the release of the bulletin we blogged again, this time about the first worm which exploited that vulnerability: Win32/Conficker ( here and then here ). Over the last couple...

A group of French researchers known as 'Malware Analysis & Diagnostic' picked up on a Win32/Zlob variant which contained a follow up to a blog post we made in October. It’s interesting that the malware author confirmed that he’s in Russia, and it warms my heart that they’re “ closing soon ”. For Windows Defender's Team: I saw your post in the blog (10-Oct-2008) about my previous message. Just want to say 'Hello' from Russia. You are really good guys. It was a surprise for me that Microsoft...