Microsoft Malware Protection Center

Threat Research & Response Blog

January, 2013

  • Customer-focused prioritization

    Our guiding vision at the Microsoft Malware Protection Center (MMPC) is to keep every customer safe from malware. Both our research team and automated systems work around the clock in an effort to achieve this vision. The volume of threats that attackers are developing continues to increase. For example, last month we collected and analyzed 20 million new potential malware files. Six percent of these files were classified as malware. From that six percent, just over 100,000 files resulted in the...
  • MSRT January 2013 - Ganelp

    To start the new year, we have added the Win32/Ganelp and Win32/Lefgroo families of worms to the January release of the Malicious Software Removal Tool. Win32/Ganelp spreads via removable drives, uploads stolen information and downloads arbitrary files from remote FTP servers. We have had detection signatures for this family for approximately 2 years and it continues to be prevalent, as seen in Figure 1. Figure 1: Ganelp monthly report volume, January 2011 to December 2012. What we...
  • Making the most of fear and deception – rogue v ransomware (part 1)

    This is the first of a two-part post. Fear can be a great motivator for getting someone to act on the receipt of a message (think public health messages regarding smoking, or wearing sunscreen). Add some deception in there, and you have a powerful tool of illegitimate influence that can be used to get people to act in ways that are not in their best interest. Unsurprisingly, the same folks that bring you malware are the same folks that have no problem at all using illegitimate and deceptive fear...
  • Making the most of fear and deception – rogue v ransomware (part 2)

    This is the second of a two-part post, and continues from "Making the most of fear and deception – rogue v ransomware (part 1)". Ransomware’s approach is aggressive. It uses fear to motivate an affected user to pay a fee (usually not with a credit card but using another payment system – Green Dot MoneyPak, Ukash, and others). It generally uses only one deceptive message and is quite specific: you receive a message, supposedly from the police or some other law-enforcement agency...
  • Key lessons learned from the latest test results

    AV-Test just published the results of their most recent antimalware vendor testing, and they didn't grant Microsoft Security Essentials and Microsoft Forefront Endpoint Protection their "AV-Test Certified" status. We conduct a rigorous review of the results whenever test results warrant it. We take the protection of our customers very seriously, and the investments we make to do these reviews are an example of that commitment. Our review showed that 0.0033 percent of our Microsoft Security Essentials...
  • A technical analysis of a new Java vulnerability (CVE-2013-0422)

    Recently, a 0-day vulnerability (CVE-2013-0422) was disclosed. Oracle promptly reacted to this 0-day vulnerability, and last weekend a new patch was made available. Here's the advisory from Oracle. You can download the latest JRE here. As the vulnerability is specific to Java 7, if you're using JRE 7, you should apply the patch. From our analysis, we've seen that it is a package access check issue which allows an untrusted Java applet to access a restricted class in trusted code. Using a vulnerable...