Microsoft Malware Protection Center

Threat Research & Response Blog

March, 2014

  • Creating an intelligent “sandbox” for coordinated malware eradication

    Hello from China where I am presenting on coordinated malware eradication at the 2014 PC Security Labs Information Security Conference. Coordinated malware eradication was also the topic of my last blog. I said the antimalware ecosystem must begin to work with new types of partners if we are going to move from the current state of uncoordinated malware disruption, to a state of coordinated malware eradication. Since then we’ve been talking about these ideas at conferences around the...
  • MSRT March 2014 – Wysotot

    This month the Microsoft Malicious Software Removal Tool (MSRT) will include the Win32/Wysotot and MSIL/Spacekito families. Below we discuss the history and common behaviors of the Win32/Wysotot family of malware. We first added detection for Win32/Wysotot in October 2013. Figure 1 shows the number of machine encounters since then. [Figure 1: Wysotot detections] Win32/Wysotot is usually installed by software bundlers. Figure 2 shows some of the programs we have seen downloading Win32/Wysotot...
  • Sefnit’s Tor botnet C&C details

    We have talked about the impact that resulted from the Sefnit botnet Tor hazard as well as the clean-up effort that went into that threat. In this post we’d like to introduce some of the details regarding the Tor component’s configuration and its communication with the Tor service. Specifically, we’ll talk about how Trojan:Win32/Sefnit.AT communicates with the Tor network, what domains it tries to contact, and where it keeps its configuration data. After Sefnit installs the...
  • PC health – Part 1: Information stealing malware

    When we were building Windows 8, MMPC partnered with several teams in Microsoft to start the PC Health program. The PC health program has two goals: (1) to inform and guide customers on additional actions to take when malware might have put their information at risk, and (2) to monitor the health of PCs running our antimalware products and initiate remediation as required. We’ll discuss the PC health program in this two-part blog. Part 1 focuses on the first goal: informing and guiding our...