Microsoft Malware Protection Center

Threat Research & Response Blog

October, 2011

  • Update on the Zbot spot!

    Hello Internet! I'm back to update you on our changes to Zbot in the Malicious Software Removal Tool (MSRT). We reviewed the data coming back from MSRT in September and incorporated the findings into October's MSRT (and beyond), which means we are now in a position to provide additional information. As I mentioned in the previous blog post , the purpose of our special Zbot September update was to glean an insight into the effectiveness of MSRT against this prolific threat. Couple that with a focus...
  • Get gamed and rue the day...

    As we discussed last week , socially engineered threats are specially crafted threats designed to lure the eye and trick the mind - they look legitimate or benign, and in worst case, may take advantage of a trusted relationship, by utilizing a compromised account or familiar website. Social engineering techniques may be used in isolation, but are often used by attackers in tandem with other types of exploit in order to perform the attacker's real purpose - delivering the payload. What follows is...
  • There’s more than one way to skin an orange…

    ​When it comes to attacking a system, and compromising its data and/or resources, there are several different methods that an attacker can choose. One of the more effective ways to make a successful compromise is to take advantage of perceived vulnerabilities in the targeted system. A vulnerability refers to a characteristic of a system that renders it susceptible to some form of attack. Kind of like a weakness, but a weakness that does not necessarily indicate a problem with the system’s design...
  • Mobile threats on the desktop

    The MMPC has been routinely monitoring threats (via the desktop) that affect different mobile platforms such as Symbian, Java ME, Android, RIM, iOS and Windows Mobile. One of the increasingly common ways we see mobile devices being compromised is by allowing the user to download and install applications independently. This is because the consumer cannot know if the app might be malicious, thus, protection from mobile threats on the desktop is vital. We have observed mobile malware posing as a new...
  • SIRv11: Putting Vulnerability Exploitation into Context

    As Vinny Gullotto, our GM blogged earlier in the week , the 11 th edition of the Security Intelligence Report (SIRv11) has been released. One of the new areas of research in this release is a study of the most prevalent kinds of vulnerability exploitation and how much of that exploitation is 0-day (short for zero-day, an attack or exploitation of a vulnerability without an available update). We took two paths to find this answer. The first was an analysis of how the top families found by the Microsoft...
  • MSRT October '11: EyeStye

    This month, the Malicious Software Removal Tool (MSRT) targets two families: Win32/EyeStye and Win32/Poison . EyeStye (aka 'SpyEye') is a family of trojans that steals information, targeting authentication data used for online banking such as passwords and digital certificates. The method it employs is called " form grabbing " which involves the interception of webform data submitted to the host through the client's browser. By intercepting this data, authentication information can be stolen...
  • New: Microsoft Security Intelligence Report Volume 11- Now Available

    Hi, again everyone! Today we released the 11th volume of the Microsoft Security Intelligence Report , also known as SIRv11.   I have to say once again we’ve outdone ourselves and launched the largest and most comprehensive version of this report to date. This time it’s over 800 pages of threat intelligence spanning 100+ countries and regions around the world.  The report provides threat trends and data analysis on topics like software vulnerabilities, exploits, malicious code and potentially...
  • Online game trading - sometimes more than you bargained for

    Some online games offer features for the game players to sell their game items online. In such situations, it is highly likely some sellers may send the potential buyers a screenshot of their items for sale, for example, via Instant Messaging programs. Recently, malware distributors have started taking advantage of this. They pretend to be selling items and send a "screenshot" of their items for sale, when in fact, the "screenshot" file sent is a malicious executable file disguised as an image...