Microsoft Malware Protection Center

Threat Research & Response Blog

August, 2009

  • Password Stealers are Top Threats in China and Brazil

    On July 14, the MMPC added another fake security software program (rogue), Win32/FakeSpyPro, to the MSRT release. As of July 29, MSRT removal of FakeSpyPro had been reported from 187,258 machines worldwide. Rogues continue to be disruptive worldwide. Three families (FakeSpyPro, InternetAntivirus and FakeXPA) that feature in the following list of top threats worldwide reported by MSRT are rogues. Worldwide China Brazil Family Threats Machines...
  • Win32/FakeRean and MSRT

    This month we added another rogue to the MSRT family list - Win32/FakeRean . Win32/FakeRean is generally very similar to Win32/InternetAntivirus and Win32/FakeXPA , which we continue to see in large numbers each month. Following the fashion, Win32/FakeRean is distributed as several variants, each with a different name and a different "skin". Its interface is actually rendered from HTML stored inside the fake scanner's executable file. Because of this they can often look quite similar. Compare the...
  • Winwebsec on YouTube

    In a previous blog, you may have read about rogues using a fake YouTube page to entice users into downloading and installing a rogue security trojan. We are now showing you the ‘real deal’. We discovered a page (there are probably more) within the real YouTube.com (fig. 1) website trying to benefit from its user database by redirecting them, by means of social engineering (i.e. viewing an episode of a popular cartoon series) to another page (fig. 2). The malicious page pushes a fake video codec to...
  • MSRT August Top Detection Reports

    This month the MMPC added a new threat family, Win32/FakeRean , to the MSRT. You can refer to Hamish’s blog post, “ Win32/FakeRean and MSRT ” for more details on this fake, or rogue, security software. As of August 24, the MSRT had cleaned FakeRean from 162,328 infected machines. The following table shows data gathered from the MSRT since its August release. Family Threat Count Machine Count Taterf 544,662 463,000 Renos 308,789 228,973 ...