Microsoft Malware Protection Center

Threat Research & Response Blog

January, 2014

  • Coordinated malware eradication

    Today, as an industry, we are very effective at disrupting malware families, but those disruptions rarely eradicate them. Instead, the malware families linger on, rearing up again and again to wreak havoc on our customers. To change the game, we need to change the way we work. It is counterproductive when you think about it. The antimalware ecosystem encompasses many strong groups: security vendors, service providers, CERTs, anti-fraud departments, and law enforcement. Each group uses their...
  • Microsoft antimalware support for Windows XP

    Microsoft has announced the Windows XP end of support date of April 8, 2014. After this date, Windows XP will no longer be a supported operating system*. To help organizations complete their migrations, Microsoft will continue to provide updates to our antimalware signatures and engine for Windows XP users through July 14, 2015. This does not affect the end-of-support date of Windows XP, or the supportability of Windows XP for other Microsoft products, which deliver and apply those signatures...
  • Protection metrics – December results

    Happy New Year! December 2013 was an exciting month for monitoring our protection results and watching malware trends. The good news: our customer infection rate for December (0.06 percent) was lower than in any other month in 2013 and one third the size of our peak in October. The Win32/Sefnit trio mentioned in the October and November 2013 results declined even more significantly than last month. Even better, Win32/Sirefef malware development appears to have stopped after the disruption effort led...
  • MSRT January 2014 – Bladabindi

    This month the Malicious Software Removal Tool (MSRT) includes a new malware family: MSIL/Bladabindi. An interesting aspect of this family is that the author made three versions of this RAT, written in VB.NET, VBS and AutoIt. The malware builder is also publicly available for download. Because of this, there are many variants in this family, and they spread in many different ways, such as Facebook messages and hacked websites. Once installed, malware in this family can be used to take control...
  • Tackling the Sefnit botnet Tor hazard

    Sefnit, a prevalent malware family known for using infected computers for click fraud and bitcoin mining, has left millions of machines potentially vulnerable to future attacks. We recently blogged about Sefnit performing click fraud and how we added detection for the upstream Sefnit installer. In this blog we explain how the Tor client service, added by Sefnit, is posing a risk to millions of machines, and how we are working to address the problem. Win32/Sefnit made headlines last August as it took...