Microsoft Malware Protection Center

Threat Research & Response Blog

December, 2011

  • Disorderly conduct: localized malware impersonates the police

    We have recently seen the emergence of several samples of a ransomware family localized into different languages. Malware that relies on localized social engineering tactics has been around for a few years, as we discussed in our two-part series on Program:Win32/Pameseg, and as evident in the surge of password stealers targeting Brazilian online banking websites. Ransomware, which renders a computer unusable and then demands payment, supposedly to make it usable again, has existed for quite some...
  • FTC to refund rogue security software victims

    The United States Federal Trade Commission announced that it will begin issuing refunds to 300,000 consumers that were victims of several rogue security software scams such as " Winfixer ", " Drive Cleaner " and " XP Antivirus ". The following is a list of Microsoft antimalware product detection names that are linked to the Winfixer family: Program:Win32/AdvancedCleaner Program:Win32/Antivirus2008 Program:Win32/Antivirus2009 Program:Win32/SpywareIsolator Program:Win32/WinFixer Program:Win32/WinSpywareProtect...
  • MSRT December: Win32/Helompy

    The December 2011 edition of the MSRT includes detection and clean-up for the Win32/Helompy Family. Helompy is a worm that propagates by copying itself to the root of removable drives, and its main payload is to record account credentials and login information and send them to a remote server, where the attacker could retrieve them for use. At its roots, Helompy is a compiled AutoIt script which we first encountered in the wild in 2009. Like most malware scripted with AutoIt, it presents itself...
  • Backdoor:Win32/Fynloski.A: a short history of abuse

    In the quest to compromise users' systems, malware has always employed different and resourceful techniques to achieve its goals. From using social engineering methods, to abusing legitimate software and its features, to using a design familiar to the user, malware has used every dirty trick in the book to achieve its malicious purpose. As a case study for such behavior we'll take a look at Backdoor:Win32/Fynloski.A and how this malware uses any means necessary to gain access to the compromised system...
  • Friendly spam carries Zbot

    ‚ÄčThis morning I spotted a few messages from my mobile carrier in my email inbox. This was not surprising as, only a few hours prior, I had logged into the carrier's website to pay the monthly bill. The standard mode of operation for my provider is to receive a bill via email, and a confirmation message after paying the bill, also through email. Today, however, one message stood out in several ways. First, the subject line was quite varied from what I was expecting to see: Important Account...