Microsoft Malware Protection Center

Threat Research & Response Blog

July, 2013

  • The evolution of Rovnix: Private TCP/IP stacks

    We recently discovered a new breed of the bootkit Rovnix that introduces a private TCP/IP stack. It seems this is becoming a new trend for this type of malware. The implementation of the private stack is based on an open-source TCP/IP project and it can be accessed from both kernel and user modes. It works like this: At boot time, Rovnix hooks the following exported APIs in ndis.sys by patching the export table in memory: NdisMRegisterMiniportDriver() (for NDIS 6.0) NdisMRegisterMiniport...
  • A fresh face for the Microsoft Malware Protection Center

    Today we launched our new Microsoft Malware Protection Center website. Throughout the redesign process we have been listening to your feedback. You asked for an easier way to find our security software and updates; you can now get to all of our product downloads straight from our homepage. While you’re on the homepage you’ll also see links to our help archive, blogs, and trending security topics from the Microsoft Community forums. One of our top priorities is to make it...