Microsoft Malware Protection Center

Threat Research & Response Blog

April, 2009

  • Win32/Koobface, MSRT and Industry Cooperation

    On March 10 we released an update to the Malicious Software Removal Tool to add targeting of the Win32/Koobface family. The addition of this threat came out of discussions with the security team at Facebook but this is not the first time we have added a family of malicious software to MSRT on request. We regularly work with CERTs, government agencies, ISPs and companies on threats as part of our outreach activities. Win32/Koobface falls in as the sixth most common threat removed by MSRT this month...
  • New 0-day Exploits Using PowerPoint Files

    The Microsoft Security Response Center has released Advisory 969136 today about a vulnerability in Microsoft Office PowerPoint which is being exploited in the wild. Office 2000, Office XP, Office 2003 and Mac Office are vulnerable; however, the latest version, Office 2007, is not. The Microsoft SRD blog provides more details about how to protect your environment from the vulnerability. So far we’re aware of several distinct exploit files which have been used. They all seem to be used only in...
  • A Few Quiet Days… and a New Exploit of MS08-067 Has Been Identified

    April 1st is behind us and nothing really happened with Conficker. But it is never boring in the antimalware world. We have found a new exploit of MS08-067 other than Conficker. We also discovered that we already detected and protected users against this new malware. We added information about mitigations against this malware at the end of this blog post. Neeris is a worm that has been active for a few years. Some of its variants used to exploit MS06-040, which addressed a vulnerability in the...
  • Birthday Problem and Conficker

    Hide behind huge numbers, making fighting against it very expensive. The birthday problem, or birthday paradox, is the probability that, from a given set of people, two of them will have the same birthday. It is a paradox because the result defies common sense. For a group of 23 people, the chance that two of them share the same birthday is greater than 50%, and for a group of 57 people, it is higher than 99%. The best known use of the birthday paradox is probably the cryptographic attack known as the birthday...
  • An Introduction to MMPC's Paladin (Automated Vulnerability Analysis)

    Paladin describes a set of internal tools that automate the steps a researcher would take to understand how a given exploit takes advantage of a given vulnerability. As of today, these tools are not for public consumption. These tools take as input a vulnerable program and an exploit. The tools run the exploit against the vulnerable program and generate an output file. This output file characterizes how the exploit puts the vulnerable program into a malicious state. A vulnerable program is...
  • Who's at Risk on the Internet Today? We All Are. Act Accordingly…

    Here at the Microsoft Malware Protection Center (MMPC) we look for ways to share the valuable data, insights and expertise that we have with our customers on a regular basis. We just released the sixth volume of our Microsoft Security Intelligence Report (SIR). The SIR shares the conclusions drawn by our research team using data gathered from hundreds of millions of computers worldwide and some of the busiest services on the internet. A very clear trend we saw in the second half of 2008 was the...
  • Cashing in on Conficker's Bad Name

    Over the last couple of days we've seen some spam claiming to be from Microsoft, providing a free scan to remove Conficker. Here's an example: The link actually takes you to a typical fake online scanner page used to serve up a rogue security scanner: In this case the page tries to get you to download TrojanDownloader:Win32/Renos.HL, which in turn installs the rogue Trojan:Win32/WinSpywareProtect. You can read tips on how to recognize and avoid fraudulent e-mail. --Hamish O'Dea
  • Yes, SIR, More Rogues!

    As Vinny mentioned in his post, the data in our recently released Microsoft Security Intelligence Report (SIR) clearly shows what we've been seeing in our day-to-day research over the last six months or so: rogue security software is getting more prevalent. As well as the raw data, the SIR includes some of our research into how rogues evolved over the second half of 2008. In addition to becoming more widespread, we saw rogues get more sophisticated and aggressive. There were two families that...
  • DOTA Players...0wn3d?!?

    --Rdy all? --Mode -AP --Starting in 5 --4 --3 --2 --1 This is the typical scene in DOTA before a game starts. DOTA (Defense of the Ancients) is a very popular custom-made scenario map for Warcraft III. Popular enough that there is even a hit song named after it. DOTA is usually played online with two teams against each other with at most five players on each side. Each player selects from a range of heroes with unique skills. The goal of the game is to destroy the opponent's base. Even...
  • Win32/Conficker Variants Update

    There have been new developments in the Conficker arena within the past couple of days. We would like to inform those who are concerned that the MMPC is working to make sure you have the information you need, first to be protected from any threat; and second, to provide you with a full understanding of the threat itself. There have been primarily two new binaries reported. We are pleased to inform that Microsoft products such as Windows Live OneCare, Windows Live OneCare safety scanner, and the...
Page 1 of 2 (18 items)