Microsoft Malware Protection Center

Threat Research & Response Blog

May, 2010

  • Congratulations to the Department of Justice, FBI and Microsoft’s Digital Crimes Unit

    The FBI announced today federal indictments against those allegedly involved in the distribution of the WinFixer family of malware. WinFixer is a form of software often referred to as “rogue security software” or “scareware”. WinFixer is, essentially, software which fraudulently purports to provide a security benefit and in exchange solicits credit card information in order to charge the victim for a full version which will clean up infections which may not even be present...
  • Let’s Celebrate Best Buy's 20th Anniversary

    Last week, I was checking my Facebook account and noticed I had an Event Invitation from a fellow security researcher. Very intriguing. This friend is a world traveler and doesn’t currently reside in the United States, but the Event Invitation was for a Free $1000 "Best Buy gift card to celebrate Best Buy’s 20th Anniversary". Alarm bells started ringing and I knew it had to be a scam. But let’s take a look... There was no reason I could think of why they would use a bit...
  • MSRT May Threat Reports and Alureon

    Last month we had reported good cleaning results against the Win32/Alureon rootkit, and this month we have more good numbers to share with the May edition of MSRT. Similar to last month, we continued to add detection for newer variants of Alureon:

    Variant | Computers Cleaned | Change
    Virus:Win32/Alureon.A | 47,310 | +12%
    Virus:Win32/Alureon.B | 5,546 | -40%
    Virus:Win32/Alureon.F | 20,717...
  • MSRT May 2010: On the Offensive Against the Odious Oficla

    The family added to this month's MSRT release is Win32/Oficla, which is a downloader that is able to receive download 'tasks' from a control server. In the wild, variants of Win32/Oficla have been observed to download variants from families such as Win32/Cutwail, Win32/Zbot, Win32/Alureon, Win32/FakeScanti and Win32/FakeRean. The Win32/Oficla package, which includes the software infrastructure to manage and control the Oficla drones, is sold online. The controller is able to inspect various...
  • Updating Pays Security Dividends

    In the newly published Volume 8 of the Microsoft Security Intelligence Report (SIR), you will find a familiar observation on malware infection across Windows operating systems, based on the Microsoft Windows Malicious Software Removal Tool (MSRT), one of the datasets that contributed to the SIR. What's new is the first appearance of Windows 7 and Windows Server 2008 R2, both released in late 2009. Data shows that Windows 7 is less likely to be infected by malware compared to the earlier...