Microsoft Malware Protection Center

Threat Research & Response Blog

Browse by Tags

  • Blog Post: Facebook offers Microsoft Security Essentials as a security solution

    We’re very excited to announce that Microsoft has teamed up with Facebook to offer Windows users free malware protection with Microsoft Security Essentials. Since May 1st, Facebook users have had the choice of downloading and installing Microsoft Security Essentials as their security solution....
  • Blog Post: Mobile threats on the desktop

    The MMPC has been routinely monitoring threats (via the desktop) that affect different mobile platforms such as Symbian, Java ME, Android, RIM, iOS and Windows Mobile. One of the increasingly common ways we see mobile devices being compromised is by allowing the user to download and install applications...
  • Blog Post: MSRT June Release, taking care of a few worm families

    In this month's MSRT release, we added three new threat families to the detection capability. One of these three is Win32/Nuqel, which has been around for four years since its first variant was found. More than 60 variants of Win32/Nuqel have been identified in the wild. This worm spreads itself via...
  • Blog Post: Bredolab Takedown, Another Win for Collaboration

    Earlier this week (October 25), authorities in the Netherlands took action against one of the Win32/Bredolab botnets and person(s) who may be responsible for this threat as part of an investigation codenamed TOLLING - part of a larger project named TAURUS. This follows on the heels of similar efforts...
  • Blog Post: MSRT Tackles Fake Microsoft Security Essentials

    We've seen a few rogue security programs use elements of legitimate security software in order to try to make themselves appear more authentic. It was inevitable that Microsoft Security Essentials would be the target of this kind of mimicry. While some rogues have simply copied Security Essentials' name...
  • Blog Post: Are you beta testing malware?

    This post is part one of two. Popular games are often used by malware writers as social engineering bait as documented in previous blogs ("Dota Players Own3d" and "Keeping Kerrigan From Infection"). So, with a watchful eye for anything related to games used as an infection vector, we came across...
  • Blog Post: MSRT January ‘11: Win32/Lethic

    Win32/Lethic is a trojan that communicates with a remote server to distribute spam. Variants of Lethic install executable files with varied file names such as “shelldm.exe” or “xcllsx.exe”. The malware loads as a process when Windows starts. The trojan establishes a connection to remote servers using...
  • Blog Post: MSRT December: If it quacks like a bot, it's probably Qakbot.

    This month, the MSRT team has added the Win32/Qakbot family of backdoors to its detections. Qakbot is composed of several components, including a keylogger, a password stealer and a user-mode rootkit. Qakbot is commonly distributed as the payload of what appear to be attacks, mainly targeted...
  • Blog Post: New: Microsoft Security Intelligence Report Volume 11- Now Available

    Hi, again everyone! Today we released the 11th volume of the Microsoft Security Intelligence Report, also known as SIRv11. I have to say once again we’ve outdone ourselves and launched the largest and most comprehensive version of this report to date. This time it’s over 800 pages of threat...
  • Blog Post: Microsoft Security Essentials beta registration opens

    Today we announce that the Beta for the next version of Microsoft Security Essentials is open for registration. Do you want to try out our latest innovations in protection and performance? Are you interested in helping to improve Security Essentials? The number of users that can participate...
  • Blog Post: A Happy Thanksgiving from Rebhip?

    A day before Thanksgiving, as I was doing my work, I came across a sample (SHA1:b9b52db22d35c50081054d4ece39f520ae3ef9fe) from a customer submission, with the usual "ecard.exe" filename. It has an image icon but with an .EXE extension; a clear sign of malicious intent. As I further investigated...
  • Blog Post: re-BOOT This Year Clean

    It is that time of the year again to start anew. In terms of personal computers, the act of restarting the machine is called a reboot – an action that triggers execution of code from a special part of the disk called the Master Boot Record (a.k.a. MBR). As the year 2010 ended, I looked at some of the...
  • Blog Post: Presenting... the Microsoft Safety Scanner

    We have just released a new tool called Microsoft Safety Scanner to help you diagnose if your computer is infected and clean it if possible. It is available from www.microsoft.com/security/scanner. The old online safety scanner from safety.live.com also now points to www.microsoft.com/security/scanner...