Microsoft Malware Protection Center

Threat Research & Response Blog

January, 2010

  • Win32/Rimecud: MSRT’s success story in January 2010

    If you remember our MSRT-related blog post from a few days ago (and if not, just scroll down a bit), we informed you that in this month’s free removal tool we would be adding Win32/Rimecud to our list of prevalent malware targeted for removal. We even speculated about a possible connection between it and last month’s addition, Win32/Hamweq. This led us to believe that, given the high detection rate of Win32/Hamweq, we would have a new leader for January’s run of the removal tool. Not to our surprise, this...
  • Rimecud and Hamweq - birds of a feather

    Following the addition of Win32/Hamweq to the MSRT last month, MMPC will continue cleaning PCs in 2010 by adding another prevalent worm, Win32/Rimecud, to this month's removal tool. This is due not only to Win32/Rimecud's high detection numbers, which immediately follow those of Win32/Hamweq, but also to the similarities the two families share with each other. In fact, as part of its payload, Win32/Hamweq may download Win32/Rimecud, contributing to Rimecud's suitability as the next target for MSRT...
  • Some Observations on Rootkits

    Getting hit by a live rootkit infection is among the more unfortunate fates that can befall an unsuspecting computer user. A rootkit burrows deep into the system, modifying it at a low level in order to hide itself and other malware, and from there fights off attempts at deactivation and removal. While real-time protection can block the rootkit from becoming active to begin with, if the computer is already infected by a rootkit, things get more interesting. Antimalware technologies must use sophisticated...