Microsoft Malware Protection Center

Threat Research & Response Blog

November, 2009

  • Security Intelligence Report v7 is Now Available

    Twice a year we put together a report detailing the threat-related trends we see in the computer security environment. Today we have released our seventh report, which you can find at www.microsoft.com/sir. I’m very excited about this report. We, the MMPC, and our partners in the Microsoft Security Engineering Center, Bing, Windows Live and many others have collaborated to make this our most comprehensive report to date. The report includes insights drawn from data collected consensually...
  • The Low-Down on Daonol

    A relatively new trojan has been making the rounds and causing some problems, particularly on Windows XP systems. Trojan:Win32/Daonol is malware that hooks various system calls in order to steal credential information and redirect some Web traffic. It also protects itself by keeping some security-related software from running. Several recent versions of this malware are buggy and prevent computers from successfully shutting down or (more importantly) starting up. If you have (or someone you know...
  • Greetings from Tokyo…

    This year at the PacSec conference, I will present a Microsoft view of the threat landscape during the first six months of 2009. It will be based on telemetry data from the latest Security Intelligence Report (SIR), published on Nov 2nd, 2009. You can find the agenda of the conference at http://pacsec.jp/agenda.html From data gathered by a number of Microsoft security products (e.g. Forefront Client Security, Windows Defender, Microsoft Windows Malicious Software Removal Tool, etc.), we see...
  • Rogues FakeVimes and PrivacyCenter added to MSRT

    This month we’ve added two more rogue families to the Malicious Software Removal Tool (MSRT): Win32/FakeVimes and Win32/PrivacyCenter. Both have been around since early 2009, but have become more prevalent in the last few months. Win32/FakeVimes has gone through a lot of different names, usually with two or three active at any given time. Currently it’s calling itself Windows System Defender and Windows Enterprise Suite. Its interface may look familiar even if you’ve never had the misfortune...
  • Plays Well With Others

    Just over a week ago the Microsoft Malware Protection Center released the seventh edition of our Security Intelligence Report, covering the first half of 2009. Like all of our previous reports, it distills information and insight from the wide array of telemetry available to us. New to this edition, however, is the inclusion of third-party data and insight. Specifically, we have worked with Shadowserver to include data collected for the Conficker Working Group (CWG) as well as insights...
  • What's Another 32-bits to Malware?

    The migration of PC computing from 32-bit to 64-bit is in full swing at last, and if you’ve been confused as to what it all means, you’re not alone. PCs built for years now have been capable of running both 32-bit and 64-bit operating systems, but for that you need a 64-bit version of Windows (and corresponding drivers for your devices), and getting everything working on 64-bit used to be for brave and technical people only. There are many advantages to using a 64-bit operating system – using twice as...
  • A Peek at MSRT November Threat Reports

    By continuing to include new variants of the existing threat families, the MSRT had removed malware from more than 1.5 million machines within three days of its release on 10 November. This month we’ve also added Win32/FakeVimes and Win32/PrivacyCenter to MSRT detection and have removed these new rogues from more than 110,000 machines. Many of the top threat families will be familiar from our previous blog posts or our recently published Security Intelligence Report. Out of these...
  • Dos and don’ts for p@$$w0rd$

    Almost a year ago, we started a project designed to monitor the incoming attacks a normal user faces on a day-to-day basis. We presented you with details about the geographical areas the attacks originated from and which services were targeted, and we gave you just a hint about FTP dictionary-based attacks. Now we’re going into a bit more detail about the passwords, having so far gathered hundreds of user names and tens of thousands of passwords that have been used in automated attacks in the...
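    The kind of triage a monitoring project like the one above needs, as an added example rather than code from the MMPC post: it parses constructed FTP honeypot log lines in a hypothetical format (timestamp, source IP, user name, password, FAIL/OK), flags sources making many failed logins in a short window as dictionary attacks, tabulates the user names and passwords attackers try, and applies a simple do/don’t check to a candidate password against that attack dictionary. The log format, sample lines and thresholds are all assumptions made for the example.

```python
"""Dictionary-attack triage over FTP honeypot log lines.

Added example, not code from the MMPC post. The log format below is a
hypothetical honeypot format, assumed for this example:
    <ISO timestamp> <src_ip> <user> <password> <FAIL|OK>
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta
import re
import string

# Constructed sample log lines (not real telemetry); the first source
# tries eight credential pairs in seven seconds.
SAMPLE_LOG = """\
2009-11-05T03:12:41 203.0.113.5 admin 123456 FAIL
2009-11-05T03:12:42 203.0.113.5 admin password FAIL
2009-11-05T03:12:43 203.0.113.5 admin admin FAIL
2009-11-05T03:12:44 203.0.113.5 administrator 123456 FAIL
2009-11-05T03:12:45 203.0.113.5 root toor FAIL
2009-11-05T03:12:46 203.0.113.5 ftp ftp FAIL
2009-11-05T03:12:47 203.0.113.5 test test FAIL
2009-11-05T03:12:48 203.0.113.5 admin qwerty FAIL
2009-11-05T09:41:10 198.51.100.7 alice Tr0ub4dor&3 OK
2009-11-05T10:02:33 198.51.100.9 bob 123456 FAIL
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) (?P<user>\S+) (?P<pw>\S+) (?P<result>FAIL|OK)$"
)


def parse_log(text):
    """Parse log text into a list of event dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        event = m.groupdict()
        event["ts"] = datetime.fromisoformat(event["ts"])
        events.append(event)
    return events


def find_dictionary_attacks(events, threshold=5, window=timedelta(minutes=1)):
    """Return {src_ip: total_failed_logins} for every source that produced
    at least `threshold` failed logins inside any `window`-long interval."""
    failures = defaultdict(list)
    for e in events:
        if e["result"] == "FAIL":
            failures[e["ip"]].append(e["ts"])
    attackers = {}
    for ip, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):          # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                attackers[ip] = len(times)
                break
    return attackers


def top_credentials(events, n=3):
    """Most common user names and passwords seen in failed logins."""
    fails = [e for e in events if e["result"] == "FAIL"]
    users = Counter(e["user"] for e in fails).most_common(n)
    passwords = Counter(e["pw"] for e in fails).most_common(n)
    return users, passwords


def password_verdict(candidate, attacked_passwords, min_len=12):
    """'do' if the candidate is not in the attack dictionary, is at least
    min_len characters and uses three of four character classes; else a
    'don't' with the reason. Thresholds are assumptions for the example."""
    if candidate in attacked_passwords:
        return "don't: seen in attack dictionary"
    if len(candidate) < min_len:
        return "don't: shorter than %d characters" % min_len
    classes = sum(
        any(c in cls for c in candidate)
        for cls in (string.ascii_lowercase, string.ascii_uppercase,
                    string.digits, string.punctuation)
    )
    if classes < 3:
        return "don't: fewer than three character classes"
    return "do"


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    print("dictionary attackers:", find_dictionary_attacks(evts))
    users, pws = top_credentials(evts)
    print("top users:", users)
    print("top passwords:", pws)
    seen = {e["pw"] for e in evts if e["result"] == "FAIL"}
    for pw in ("123456", "Tr0ub4dor&3", "correct-Horse-Battery9"):
        print(pw, "->", password_verdict(pw, seen))
```

The sliding window is what separates a dictionary attack from a user mistyping a password a few times over a day: the count only trips when the failures are packed into the window, so the lone failure from 198.51.100.9 is not flagged even though it used the same password the attacker tried. The verdict check is deliberately the simplest useful one; the first question to ask of any password is whether it is already on the list attackers are feeding their tools.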
  • Fake Security Software All Up

    In a recent blog post on 18 November we talked about the significant threat that AV rogues have posed to our users this year. Besides the prevalent rogues covered by the MSRT, the following is a longer list of AV rogues detected by Microsoft AV products such as Microsoft Security Essentials, Forefront Client Security, etc. FakeXPA FakePowav MalwareBurn UnSpyPc DriveCleaner DocrorTrojan Winfixer FakeScanti Cleanator MalwareCrush...