Microsoft Malware Protection Center

Threat Research & Response Blog

February, 2013

  • Understanding the impact of piracy on cybersecurity

    Today Microsoft released a special edition of its Security Intelligence Report (SIR) titled "Linking Cybersecurity Policy and Performance." The report examines the relationship between quantitative indicators about a country or region -- such as computers per capita, broadband penetration and whether the country or region had adopted certain public policies to advance cybersecurity -- and the rate of malware infections as measured by computers cleaned per mille (CCM) by the Malicious Software...
  • The curious case of the Exploit:Java/CVE… infection

    When I first started working in the antivirus industry, I found that learning how Java exploits work, even at a very high level, was difficult. Even now with a few seasons under my belt, understanding the process and consequences of the exploitation of a Java vulnerability still proves challenging. Based on the feedback we see from some of you, I’m not alone. There are a lot of technical papers and blogs to be found that tell you how a Java vulnerability is exploited. In this blog, I’d...
  • MSRT February 2013 – Sirefef

    The family added to the February release of the Malicious Software Removal Tool is Win32/Sirefef. Win32/Sirefef is a highly prevalent, complex, multi-component family which continues to evolve. The payload for current variants may include such actions as modifying browser search engine results, generating pay-per-click revenue and performing Bitcoin mining on an affected computer. The first detection for Sirefef was added in July 2009. Whilst the form of some malware families remains relatively...
  • The strange case of Gamarue propagation

    We have seen variants of Worm:Win32/Gamarue spread via removable drives in the past, but recent variants have adopted a more convoluted method of spreading involving several components. Let's take a look at one. For this variant of Worm:Win32/Gamarue, we start with an infected removable drive, for example a USB flash drive. Our infected example drive contains the following files: ~$wb.usbdrv, detected as Worm:Win32/Gamarue.N; desktop.ini, detected as Worm:Win32/Gamarue.O; thumbs.db...