Microsoft Malware Protection Center

Threat Research & Response Blog

Browse by Tags

  • Blog Post: MSRT April ‘11: Win32/Afcore

    This month, the MSRT team added the Win32/Afcore family of trojans to its detections. This malware is also known as Coreflood. It has evolved over time, first breaking onto the scene in 2003. At the time, it was encountered when visiting a malicious web page containing obfuscated VBScript and detected...
  • Blog Post: MMPC Threat Report: Cracking open Qakbot

    Today, we’re releasing a Microsoft Malware Protection Center Threat Report on Qakbot as a follow-up to the recently-released Microsoft SIRv10 and our special report on Battling Botnets in late 2010. This report focuses on one botnet in particular, Qakbot. Qakbot is a backdoor that includes user...
  • Blog Post: An Early Look at the Impact of MSRT on Zbot

    As those who follow our blog already know, we added Win32/Zbot to MSRT this month. This is a complex threat with techniques employed to make removal by AV challenging and which necessitated advances in the technology we use. The threat is aimed at theft of credentials (often financial) and...
  • Blog Post: Bredolab Takedown, Another Win for Collaboration

    Earlier this week (October 25), authorities in the Netherlands took action against one of the Win32/Bredolab botnets and person(s) who may be responsible for this threat as part of an investigation codenamed TOLLING - part of a larger project named TAURUS. This follows on the heels of similar efforts...
  • Blog Post: Operation b107 - Rustock Botnet Takedown

    Just over one year ago, Microsoft - with industry and academic partners - utilized a novel combination of legal and technical actions to take control of the Win32/Waledac botnet as the first action in Project MARS (Microsoft Active Response for Security). Today, a similar action has had its legal...
  • Blog Post: The Botnet Superhighway

    The latest Microsoft Security Intelligence Report (SIR) dedicates a whole section to botnets and the role they play in today's world of malware, and for good reason - the pathways of the malware world are quickly merging into a botnet superhighway, a new conduit used for many nefarious purposes. If you...
  • Blog Post: Announcing Microsoft Security Intelligence Report version 9

    Today, the 9th edition of the Microsoft Security Intelligence Report was released as Adrienne Hall, General Manager of Microsoft Trustworthy Computing Communications, gave her keynote at RSA Europe. This time around, we've done a few things differently. First off - we've dedicated this particular...
  • Blog Post: Get gamed and rue the day...

    As we discussed last week, socially engineered threats are specially crafted threats designed to lure the eye and trick the mind - they look legitimate or benign, and in worst case, may take advantage of a trusted relationship, by utilizing a compromised account or familiar website. Social engineering...