Every now and then a would-be criminal online picks the wrong potential victim. I was recently selling a 1995 Ford Escort on the site Craigslist.com and had a number of interested buyers. One such candidate offered a $500 IOU plus a six-month supply of...

Today, we’re releasing a Microsoft Malware Protection Center Threat Report on Qakbot as a follow-up to the recently-released Microsoft SIRv10 and our special report on Battling Botnets in late 2010.  This report focuses on one botnet in particular...

We recently updated the Microsoft Safety Scanner - a just-in-time, free cleanup tool.  The new version adds support for 64-bit Windows systems and also allows for the download of the tool to run in non-networked systems such as those behind an air...

Recently I had a moment to review a group of PDF exploit files. Many exploits use various tricks to obfuscate embedded JavaScript. I thought I could de-obfuscate the samples by throwing them into a sandbox environment and enjoying the beautified source...

We've noticed a few odd rogue security software applications recently—although this type of threat is nothing new, these samples are interesting because they target the Mac OS X operating system. There have been several variants of a threat,...

In 1999, a new virus, Win32/Crypto, was discovered. It was using brute-force attacks against its encryption key to decrypt its body. Today, in 2011, variants of Win32/Alureon are bringing this old-school technique back to life, with some extra naughtiness...

There's been talk of a new threat called " Sunspot ", which we detect as Win32/Ambler.A (click to read more in our encyclopedia). Like several others in the AV industry, we feel that this threat is not a new ‘crimeware kit’, and is instead...

One of the most striking statistics in our recent Security Intelligence Report (SIRv10) is the change in social network phishing (attacks focused on impersonating a social networking site in an attempt to steal and exploit your credentials). This change...

We have just released a new tool called Microsoft Safety Scanner to help you diagnose if your computer is infected and clean it if possible. It is available from www.microsoft.com/security/scanner . The old online safety scanner from safety.live.com also...

Since 2006, we have released ten volumes of the Security Intelligence Report , providing customers with unparalleled insight into the software threat landscape and guidance to better protect themselves. The threat landscape has changed significantly during...

This month's addition to MSRT is Win32/Ramnit . Having been discovered in April 2010, the family is relatively new, however, the authors of Ramnit seem to have a preference for using an older generation of malicious techniques. Whilst there are still...

The Windows heap memory is a rich source of anti-debugging techniques. It can be altered in numerous ways to achieve interesting effects, such as the execution of arbitrary code in particular circumstances. It can also be used in indirect ways, since...

I received a spam email from a friend lately after which I immediately notified him of a potential malware infection.  He insisted his technician had taken care of the infection once and for all.  After I returned from my vacation I received...