Microsoft Malware Protection Center
Threat Research & Response Blog
MSRT January 2014 – Bladabindi
This month the Malicious Software Removal Tool (MSRT) includes a new malware family - MSIL/Bladabindi. An interesting part of this family is that the author made three versions of this RAT, written in VB.NET, VBS and AutoIt. The malware builder is also publicly available for download. Because of...
14 Jan 2014
Korean gaming malware - served 3 ways
Recently, we’ve seen similar activities being performed by different malware that monitor online Korean applications. Mostly, the applications they monitor are card games, such as those in Figure 1. Figure 1: Examples of online Korean games that are being monitored. (Source: http://www.hangame...
21 Dec 2012
Easy Money: Program:Win32/Pameseg (part one)
Nowadays many people believe in the opportunity to achieve great wealth without much effort, not leaving the house, not interrupting their favorite computer games, forums, social networking and so on. This type of opportunity is widely marketed by companies providing paid digital content services. You...
14 Nov 2011
Obfuscating, bifurcating, escalating and mitigating on 64-bit
With the growth in adoption of 64-bit architectures and associated operating systems, we're seeing the usual malicious suspects following the trend. We have seen variants of several families, including Alureon, Koobface, Sirefef and Ursnif targeting this platform. These families adopt various techniques...
13 Jul 2012
Keep your Facebook friends close and your antivirus closer
Facebook malware attacks are not new. Scams spreading via status updates have been around for a long time, but in recent weeks one threat has been getting creative in terms of social engineering. Backdoor:Win32/Caphaw.A can intercept URL requests in both Firefox and Internet Explorer and it has been...
17 Nov 2011
All copy and paste makes Jack a bored boy
We recently came across what appeared to be a new sample, but was actually part of malware discovered in 2010. This new-old sample is built from publicly available source code and, like many of its kind, is frequently rebranded. Because of all the changes that malware authors have made, we have detection...
31 Oct 2012
How to defang the Fake Defragmenter
We have been tracking the trails of this fake "System Defragmenter" software since its first appearance in October 2010, and have warned our customers in our earlier post about this trojan software. In this follow-up post, we give an update including a new variant worth noting for our customers...
19 Mar 2011
An analysis of Dorkbot's infection vectors (part 1)
Malware nowadays benefits from the complexity of the Internet ecosystem to infect new computers through vectors such as browser plugins, social networks, and instant messaging programs. In this two-part series, we'll look at Worm:Win32/Dorkbot, a prevalent worm with the capabilities of an IRC backdoor...
14 Nov 2012
Backdoor Olyx - is it malware on a mission for Mac?
The recent emergence of rogue security software applications for Mac demonstrates how cybercriminals effectively use social engineering techniques to manipulate users’ responses - specifically, exploiting user’s fear of revealing sensitive information such as credit card details. This scare tactic evidently...
26 Jul 2011
Don't fall for Folstart
We use thumb drives in different ways – usually to transfer files from one computer to another. When we create folders in thumb drives, we have a certain level of confidence that the folder isn't malicious or doesn't contain malware. Unfortunately, this assumption is not always true. For the month...
13 Nov 2012
An analysis of Dorkbot’s infection vectors (part 2)
In part 1 of this series, we talked about Dorkbot and its spreading mechanisms that required user interaction. In this post, we'll talk about how Dorkbot spreads automatically, via drive-by downloads and Autorun files. Spreading vectors not requiring user interaction: Drive-by downloads and Autorun...
21 Nov 2012
ELAM Is Black and White
At the Virus Bulletin conference this year, there was a talk about the limitations and suggested enhancements for the Early Launch Anti-Malware (ELAM) environment. The main observation, complaint if you will, was that there is no way for an anti-malware (AM) engine to perform a deep scan. However, there...
11 Oct 2012
Mobile threats on the desktop
The MMPC has been routinely monitoring threats (via the desktop) that affect different mobile platforms such as Symbian, Java ME, Android, RIM, iOS and Windows Mobile. One of the increasingly common ways we see mobile devices being compromised is by allowing the user to download and install applications...
20 Oct 2011
© 2014 Microsoft Corporation.