Microsoft Malware Protection Center

Threat Research & Response Blog

May, 2014

  • MSRT May 2014 - Miuref

    Two new families were added to the Microsoft Malicious Software Removal Tool (MSRT) this month: Win32/Filcout and Win32/Miuref. We first detected Filcout in April 2014 after we observed it installing variants of Win32/Sefnit. We first detected Miuref in December 2013. This blog will discuss Miuref, a browser hijacker that can perform click fraud and hijack search results. The family has a number of means of getting itself onto a user’s computer. It can be installed via an exploit such...
  • SIRv16: Cybercriminal tactics trend toward deceptive measures

    Microsoft’s Security Intelligence Report volume 16 (SIRv16) was released today, providing threat trends on malware encounter rates, infection rates, vulnerabilities, exploits, and more for 110 countries/regions worldwide. The report is designed to help IT and security professionals better protect themselves and their organizations from cyberattacks. Malware data is gathered from the Malicious Software Removal Tool (MSRT), which is used to calculate the infection rate (Computers Cleaned...
  • The evolution of Rovnix: new Virtual File System (VFS)

    Last July, we published a blog about Rovnix’s private TCP/IP stack. We recently discovered another evolution in Rovnix – a variant that introduces a new Virtual File System (VFS). With our latest signature update we detect this Rovnix dropper as TrojanDropper:Win32/Rovnix.L and the infected VBR (Volume Boot Record) as Virus:DOS/Rovnix.gen!A. Unlike older Rovnix variants that store their components as raw disk sectors at the end of the disk, TrojanDropper:Win32/Rovnix.L stores...