Microsoft Malware Protection Center

Threat Research & Response Blog

January, 2009

  • Centralized Information About The Conficker Worm

    Since the time Microsoft released security update MS08-067, we have released information about MS08-067 exploits and specifically about the Conficker worm in our malware encyclopedia and in multiple blog posts, for example here. This blog provides a summary of the available information Microsoft has provided on the Conficker worm and the vulnerability it exploits, which Microsoft addressed with MS08-067. First, we outline the various attack vectors because it’s important for customers to understand...
  • MSRT Released Today Addressing Conficker and Banload

    Back on Oct. 23, 2008, Microsoft released a critical security update for Windows: MS08-067. Isolated attacks existed at the time of the bulletin release and in our blog we strongly recommended installing the security update as quickly as possible. Later, a few trojans that exploit this vulnerability were found and a month from the release of the bulletin we blogged again, this time about the first worm which exploited that vulnerability: Win32/Conficker (here and then here). Over the last couple...
  • Waledac Trojan Hosted by Fake Obama Website

    We've seen Barack Obama's name used by malware authors for malevolent purposes before, during the campaign and leading up to the US Presidential Elections. Now that Inauguration Day is upon the US, malware authors have a new spate of social engineering tricks up their sleeve. They've almost perfectly mimicked the official Obama website, www.barackobama.com, and registered...
  • Zlob: From Russia with Luck?

    A group of French researchers known as 'Malware Analysis & Diagnostic' picked up on a Win32/Zlob variant which contained a follow-up to a blog post we made in October. It’s interesting that the malware author confirmed that he’s in Russia, and it warms my heart that they’re “closing soon”. For Windows Defender's Team: I saw your post in the blog (10-Oct-2008) about my previous message. Just want to say 'Hello' from Russia. You are really good guys. It was a surprise for me that Microsoft...
  • Banload – The Other January Addition to MSRT

    This month’s MSRT release includes signatures for Win32/Banload. This family of malware is known to download and execute variants of both Win32/Bancos and Win32/Banker – which are both malware families of password-stealing trojans. Typically, they attempt to capture online banking credentials and other sensitive information. The data gathering is performed by various means, such as key-logging. If any of these three malware families sound familiar, it is probably due to how long each family has...