Microsoft Malware Protection Center

Threat Research & Response Blog

October, 2013

  • Infection rates and end of support for Windows XP

    In the newly released Volume 15 of the Microsoft Security Intelligence Report (SIRv15), one of the key findings to surface relates to new insight on the Windows XP operating system as it inches toward end of support on April 8, 2014. In this post we want to highlight our Windows XP analysis and examine what the data says about the risks of being on unsupported software. In the SIR, we traditionally report on supported operating systems only. For this analysis we examined data from unsupported...
  • Our commitment to Microsoft antimalware

    We are fully committed to protecting our consumer and business customers from malware. Our strong solutions provide the comprehensive defense needed against malicious code and attacks. Our support of antimalware partners helps in building a strong and diverse ecosystem to fight malware. Over the past year, we’ve continued to make investments in our protection technologies: We’ve created new methods to identify emerging threats earlier and defend against them faster. Although...
  • Upatre: Emerging Up(d)at(er) in the wild

    The MMPC is constantly monitoring emerging threats that are impacting our customers the most. Recently, we started seeing Win32/Upatre being distributed in the wild. This chart shows how this threat has impacted customer machines in just about two months. [Figure 1: Monthly telemetry data on Win32/Upatre downloader] As we see in this next chart, the concentration of infections is in the United States with 96% of total infections, followed by the UK, Canada, and Australia. The high rate...
  • New Security Intelligence Report, new data, new perspectives

    Today, Microsoft released volume 15 of the Microsoft Security Intelligence Report (SIRv15). The report analyzes malware, exploits and more based on data from more than a billion systems worldwide and some of the Internet’s busiest online services. During the past year, as we were planning this volume of the Security Intelligence Report, and as we considered how to improve the breadth and accuracy of guidance given to our customers, we gave a lot of thought to how best to represent malware...
  • Redirect hides browser extension

    While analyzing a malicious Chrome browser extension we recently came across a VirTool that tries to redirect the Chrome Extension page. We detect it as VirTool:JS/Redichrextor.A. VirTool:JS/Redichrextor.A won’t let you view, change, remove or uninstall Chrome browser extensions. It does this by stopping you from viewing the Chrome Extension page. It uses this technique so an affected user won’t be able to remove or uninstall the malicious extension without help from their...
  • New infection rate data for unprotected computers

    In the previous Microsoft Security Intelligence Report, SIRv14, we introduced a new metric to measure the infection rate for computers protected with real-time antimalware software (protected computers) in comparison to computers that were not protected with up-to-date security software (unprotected computers). Using this new data, we wrote a feature story about the risks of running unprotected. Our customers told us that providing this data really helped measure the value of running real-time...
  • Our protection metrics - September results

    Earlier this year, we started publishing a new set of metrics on our portal – An evaluation of our protection performance and capabilities. These metrics show month over month how we do in three areas: coverage, quality, and customer experience in protecting our customers. And, since we started to publish the results on this page, I've had many great conversations with customers and partners alike, discussing what the results mean for their organization and their protections. In this post...
  • MSRT October 2013 – Shiotob

    This month the Malicious Software Removal Tool (MSRT) is giving some special attention to two malware families - Win32/Foidan and Win32/Shiotob. We are targeting these families due to their increased prevalence. Lately, we’ve been adding and improving our detections for the Shiotob family. Shiotob is a family of trojan spyware that steals system information and user credentials by monitoring network activities. These were first seen in 2011, yet are still managing to trouble people...