Microsoft Malware Protection Center

Threat Research & Response Blog

  • Blog Post: Social engineering tricks open the door to macro-malware attacks - how can we close it?

    The macro malware-laden documents that target email users through email spam are intentionally crafted to pique any person's curiosity. With subjects that include sales invoices, federal tax payments, courier notifications, resumes, and donation confirmations, users can be easily tricked to read...
  • Blog Post: Microsoft partners with Interpol, industry to disrupt global malware attack affecting more than 770,000 PCs in past six months

    'Simda.AT' designed to divert Internet traffic to disseminate other types of malware. Today Interpol and the Dutch National High Tech Crime Unit (DNHTCU) announced the disruption of Simda.AT, a significant malware threat affecting more than 770,000 computers in over 190 countries. The Simda...
  • Blog Post: Upatre update: infection chain and affected countries

    Upatre is a type of malware that is typically installed on a machine after a person is tricked into clicking on a link or opens an attachment contained in a spam email. Since January 2015, we have seen spam emails commonly distributed by variants of the Hedsen and Cutwail malware families. Upatre...
  • Blog Post: Microsoft Malware Protection Center assists in disrupting Ramnit

    Recent disruption of the Ramnit malware family was successful due to a multinational collaboration, led by Europol’s European Cybercrime Center (EC3), in partnership with Financial Services and Information Sharing & Analysis Center (FS-ISAC), Symantec, AnubisNetworks, Microsoft’s Digital...
  • Blog Post: MAPS in the cloud: How can it help your enterprise?

    Malware can easily send a huge enterprise infrastructure into a tailspin. However, you can get greater protection from malware by using services in the cloud. Yes, there’s an opportunity to get real-time results from suspicious malware triggers where your system can: Consult the cloud...
  • Blog Post: We've got our eye on Eyestye

    Back in October 2011, we began to remove Eyestye variants using the Malicious Software Removal Tool (MSRT) in an effort to prevent the proliferation of this botnet. Today, we published a detailed MMPC Threat Report on this family. The report provides an in-depth analysis of how Win32/EyeStye works and...
  • Blog Post: My Sweet Valentine - the CIFS Browser Protocol Heap Corruption Vulnerability

    On Valentine's Day, an anonymous researcher announced a previously undisclosed SMB (Server Message Block) vulnerability affecting the CIFS (Common Internet File System) browser service. Along with the vulnerability, the researcher also posted Proof-of-Concept (PoC) exploit code showing exactly how to...
  • Blog Post: Facebook offers Microsoft Security Essentials as a security solution

    We’re very excited to announce that Microsoft has teamed up with Facebook to offer Windows users free malware protection with Microsoft Security Essentials. Since May 1st, Facebook users have had the choice of downloading and installing Microsoft Security Essentials as their security solution....
  • Blog Post: MMPC Threat Report: Cracking open Qakbot

    Today, we’re releasing a Microsoft Malware Protection Center Threat Report on Qakbot as a follow-up to the recently-released Microsoft SIRv10 and our special report on Battling Botnets in late 2010. This report focuses on one botnet in particular, Qakbot. Qakbot is a backdoor that includes user...
  • Blog Post: Operation b107 - Rustock Botnet Takedown

    Just over one year ago, Microsoft, with industry and academic partners, utilized a novel combination of legal and technical actions to take control of the Win32/Waledac botnet as the first action in Project MARS (Microsoft Active Response for Security). Today, a similar action has had its legal...
  • Blog Post: Newly updated MMPC whitepapers now available

    Would you like to know more about the MMPC, and how we protect computer users worldwide? We have released new versions of two whitepapers which describe how the MMPC operates, and provide an introduction to the antimalware technologies that the MMPC supports. The two new papers are: - Malware Research...
  • Blog Post: The MMPC on Facebook and Twitter

    Late last week, the MMPC officially launched its Facebook page and its Twitter account. From this Welcome page, you can read our latest blog posts, see our latest Twitter feeds, and find out what threats most affect your desktop. You can also download the latest Security Intelligence Report...