Microsoft Malware Protection Center

Threat Research & Response Blog

September, 2013

  • Mevade and Sefnit: Stealthy click fraud

    Recently Trojan:Win32/Mevade made news for being the first large botnet to use Tor to anonymize and hide its network traffic. Within a few weeks, starting mid-August, the number of directly connecting Tor users increased by almost 600 percent - from about 500,000 users per day to more than 3,000,000. Last week we concluded, after further review, that Mevade and Sefnit are the same family and our detections for Mevade have now been moved to join the Sefnit family. Win32/Sefnit is a well-known...
  • MSRT September 2013 - Win32/Simda

    This month’s Microsoft Malicious Software Removal Tool (MSRT) release includes one new malware family – the high-volume banking trojan Win32/Simda. Simda is a multi-component malware family that includes trojan, backdoor, password-stealing, downloader and file-infector variants. It is very rare for a single malware family to possess all of these characteristics; Alureon and Sirefef are among the few families also in this category. Simda was first seen in mid-2009 with samples detected...
  • End of support for Java SE 6

    If you’re running Java SE 6, we have some news for you: Oracle stopped providing public updates to it after February 2013. Enterprise customers will still have access to long-term help through their support channels. For everyone else, you should upgrade to Java SE 7 and remove Java SE 6 - remember Java doesn’t remove older versions by default. Malware exploiting vulnerabilities in Java isn’t new. We’ve written about Java vulnerabilities on this blog before. In fact...