Microsoft Malware Protection Center

Threat Research & Response Blog

Browse by Tags

  • Blog Post: Dishigy dishes out the DDoS and we dig deeper...

    The May edition of the Microsoft Malicious Software Removal Tool saw the inclusion of two new malware families: Win32/Unruy and Win32/Dishigy. Let's dig a bit deeper into Dishigy and the nature of Denial of Service. So, bear with me while I take you back to security 101… A Denial of Service...
  • Blog Post: MSRT Nov' 11: Cridex - the hex of Skidlo

    Earlier, we discussed Win32/Carberp, a malware family included in the November release of the Malicious Software Removal Tool. In this post, we discuss another included malware, Win32/Cridex. Win32/Cridex is a relatively new family; we discovered its first variant in the wild in August 2011. This trojan...
  • Blog Post: MSRT August ’12 – What’s the buzz with Bafruz?

    For this month's Microsoft Malicious Software Removal Tool (MSRT) release, we will include two families: Win32/Matsnu and Win32/Bafruz. Our focus for this blog will be Bafruz, which is a multi-component backdoor that creates a Peer-to-Peer (P2P) network of infected computers (using C&C, for instance...
  • Blog Post: MSRT November '11: Carberp

    We included three threat families in the November edition of the Microsoft Malicious Software Removal Tool - Win32/Carberp, Win32/Cridex and Win32/Dofoil. In this post, we discuss Win32/Carberp. The first variant of Win32/Carberp was discovered early last year. This malware has evolved from a trojan...
  • Blog Post: Update on the Zbot spot!

    Hello Internet! I'm back to update you on our changes to Zbot in the Malicious Software Removal Tool (MSRT). We reviewed the data coming back from MSRT in September and incorporated the findings into October's MSRT (and beyond), which means we are now in a position to provide additional information....
  • Blog Post: MSRT October '11: EyeStye

    This month, the Malicious Software Removal Tool (MSRT) targets two families: Win32/EyeStye and Win32/Poison. EyeStye (aka 'SpyEye') is a family of trojans that steals information, targeting authentication data used for online banking such as passwords and digital certificates. The method it employs...
  • Blog Post: Rotbrow: the Sefnit distributor

    This month's addition to the Microsoft Malicious Software Removal Tool is a family that is both old and new. Win32/Rotbrow existed as far back as 2011, but the first time we saw it used for malicious purposes was only in the past few months. In September, Geoff blogged about the dramatic resurgence...