Microsoft Malware Protection Center

Threat Research & Response Blog

April, 2013

  • How to protect your computer against dangerous Java Applets

    Java exploits represent a common attack vector used by the bad guys to infiltrate vulnerable computers via the web browser. We wrote about the rise of Java exploits as early as 2010 , and we haven't seen that trend decline. In fact, in the first quarter of 2013 alone, we've seen three Java remote code execution vulnerabilities being exploited in the wild: CVE-2013-0422 , CVE-2013-0431 , and CVE-2013-1493 . In response, Oracle recently introduced a new security feature regarding the way unsigned Java...
  • The rise in the exploitation of old PDF vulnerabilities

    Exploitation of software vulnerabilities continues to be a common way to infect computers with malware. Leveraging exploits allows malware authors to infect, disrupt, or take control of a computer without the user’s consent and typically without their knowledge. Exploits target vulnerabilities in operating systems, web browsers, applications, or software components that are installed on the computer. For details on exploit trends and insights on security vulnerabilities please refer to the...
  • Everyone benefits from antimalware software

    How important is it really to run antivirus software? That’s a question that has been asked by many people: your average user who might question the effort required to install it or keep their subscription up-to-date, the tech-savvy user who feels their knowledge and safe Internet skills are enough to keep them out of trouble, and the technology decision-maker who has to justify the cost to their business are just a few examples. However, every single one of those people who question the...
  • Microsoft Security Intelligence Report Volume 14 released today

    This morning, we released Volume 14 of the Microsoft Security Intelligence Report (SIRv14). This new report studies our findings on trends in the threat landscape based on data from more than 1 billion systems worldwide, focusing on data collected in the second half of 2012. One interesting trend we saw surfacing in the enterprise was an increase in web-based threats. The enterprise has traditionally put a lot of effort into dealing with network worms, commonly mitigated with configuration and...
  • Nevermind Nenim's hidden agenda - we still caught it

    We recently came across an interesting threat that we detect as TrojanDownloader:Win32/Nemim.gen!A . This particular malware is a trojan downloader, and is capable of deleting its downloaded component files in a way that makes them essentially unrecoverable. This prevents the files from being isolated and analysed. Thus, during analysis of the downloader, we may not easily find any downloaded component files on the system; even when using file recovery tools, we may see somewhat suspicious deleted...
  • Threats at home and work

    ​People act differently at home and at work, so it’s no surprise that malware also acts differently at home and in enterprise. As seen in the latest edition of the Microsoft Security Intelligence Report , there are plain differences between the two, with some new changes as well. The Conficker worm and other worms are still relatively dangerous to enterprise computers, but IFrameRef has now replaced these worms as the number one threat at work. IFrameRef is a detection for a small piece...
  • The further exploits of the rogue distributors

    We can safely say that since we encountered our first rogue, they've always commanded a presence in the malware ecosystem. That was, until recently we observed a decrease in rogue activity. That's not to say they went away altogether – no, not at all – but towards the end of January we did see markedly fewer of them, with a period of about two weeks where we did not see any new undetected samples. That was, as I mentioned, until recently… Shortly after that, we saw the reappearance...
  • Distribution vs. development: What’s the story and why does it matter?

    ​In today’s threat landscape, distributing malware and developing malware are two different worlds. Both require a different set of skills in order to work and in order to achieve their separate goals. For example, in my blog post Get gamed and rue the day... , I described a bot-controlled worm in which the code fragment suggested that it belonged to an offensive development called “Andromeda”. This story about the Gamarue worm is a good example of the differences between the...
  • MSRT April 2013 – Vesenlosow

    It has been another month and we have found some more families that need some special attention that the Malicious Software Removal Tool (MSRT) is ideal to give. This month we are focused on cleaning up the Win32/Babonock , Win32/Redyms , and Win32/Vesenlosow families due to their recent increase in prevalence. Lately I have been working with the Vesenlosow family. These are worms written in Visual Basic that were first seen at the end of 2010, yet are still managing to trouble people today...