Microsoft Malware Protection Center

Threat Research & Response Blog

July, 2009

  • We're Excited to Announce the Release of the MMPC Portal V2!

    We’ve been working hard, have heard your feedback, and are excited to announce V2 of the MMPC Portal ! This new portal contains several new features including stream-lined sample submission and tracking, which is made possible by creating an MMPC profile. When you log in, the information saved in your MMPC profile auto-populates the sample submission form, thereby expediting the submission process. You can then monitor the status of your submission online – if you are logged in (using your MMPC profile...
  • Let telemetry be your guide, a proposal for security tests…

    Users today are offered choices among many security products, any number of which are sufficient, and none perfect. Along with these products are myriads of product test results and certifications, all there to help you make a better, more informed decision on which product to use. And as product developers, we’ll point to the tests and reviews that best represent our product. (Like this recent report on the just released Microsoft Security Essentials Beta and the most current AV-Comparatives test...
  • The Newest Member of our Rogues Gallery

    The family added to the July MSRT release is Win32/FakeSpypro . As is often the case with rogues, they employ the use of multiple "names" over time. The current branding used by Win32/FakeSpypro is "Antivirus System PRO" with the previous incarnation being "Spyware Protect 2009". The " user interface ": Typically, Win32/FakeSpypro assaults the user with a barrage of system tray warnings, fake firewall messages and other pop-ups displaying fake warning messages. The ultimate goal of...
  • Happy Birthday USA! (The Waledac way)

    Since Independence Day just passed, this probably looked appealing for the Waledac guys to drops us another campaign. The Waledac malware family is known for using special and recent events to try to increase their chances of infecting computers. We’ve blogged about past Waledac spam runs in the past such as during Valentines and the US presidential elections last year. We’ve also seen Waledac take advantage of this event to send out another campaign. The “Independence” spammed e-mail looks like...
  • An update from FIRST and what we can learn from the Nijō Castle

    Hi, Ziv Mador again. This week I’m attending the FIRST conference in Kyoto, Japan along with four of my Microsoft colleagues: Steve Adegbite, Andrew Cushman, Jonathan Ness and Dan Wolff. Today Jonathan, Steve and I gave a presentation about Microsoft's response to the attacks which exploited a 0-day vulnerability back in the fall of 2008. Microsoft released a security update MS08-067 that fixed that vulnerability. Given the wormable nature of that vulnerability, we had strongly encouraged customers...