Microsoft Malware Protection Center

Threat Research & Response Blog

Tagged Content List
  • Blog Post: Insights into Win32/Bradop

    Have you heard of Win32/Bradop? We recently investigated this interesting data theft family in more detail and exposed some of its inner secrets. The following is a description of what we found out. Spoiler alert: spam emails, protectors, the download mechanism, database credentials, stolen data, and...
  • Blog Post: There's a cream for that

    The other day, while previewing messages in my inbox, I saw a conspicuous message with the following parameters, typos included: To: (email address) CC: (email address),... Subject: Your ex sent me this pciture of you. Body: Hey (email address), Your ex sent me this picture claiming it's you. Is it...
  • Blog Post: Stratfor customers targeted by cybercriminals

    Cybercriminals are continuing to use a social engineering trick to lure users for their malware campaigns. This time, they targeted customers of Stratfor - a subscription-based provider of geopolitical analysis. Attacks against Stratfor clients began after a reported breach of their customer database...
  • Blog Post: Friendly spam carries Zbot

    This morning I spotted a few messages from my mobile carrier in my email inbox. This was not surprising as, only a few hours prior, I had logged into the carrier's website to pay the monthly bill. The standard mode of operation for my provider is to receive a bill via email, and a confirmation message...
  • Blog Post: MSRT November: Dofoil

    As previously noted, one of the three families added to the November release of the Microsoft Malicious Software Removal Tool is Win32/Dofoil. TrojanDownloader:Win32/Dofoil is a configurable downloader. Dofoil will attempt to receive control instructions from a remote server. The response contains...
  • Blog Post: Getting tagged and your privacy

    This morning my Facebook email address was invaded with spam (scam-spam, as I call it) from people in my friends list, with subject titles similar to the following: “<Some Friend1> invited you to the event You Gotta See This Exciting Feature!!<random number>” “<Some Friend 2>...
  • Blog Post: Fake Canadian pharma site causing headaches

    I awoke the other day to a friend calling me and exclaiming into the phone: “My Yahoo email account was hacked!!!” He had been angrily accused by others in his contact list of sending spam messages and sharing inappropriate website links. Most of the questions he fielded had the same query: "Why...
  • Blog Post: Slick links linked to slinky Winwebsec

    I received a spam email from a friend lately, after which I immediately notified him of a potential malware infection. He insisted his technician had taken care of the infection once and for all. After I returned from my vacation I received another three spam mails from him. This time...
  • Blog Post: Scam emails - the cost of response

    Recently, I received an email in my personal inbox with a subject line “MYSTERY SHOPPER ASSISTANT” (the message did not filter to my junk folder and was not marked as spam). Image 1 – “Mystery shopper assistant” spam. I’m familiar with the hobby of mystery shopping – a service provided under contract...
  • Blog Post: Doctor Who calling–on Skype, with malware

    Earlier this week, I received a phone call via Skype on my laptop; the caller’s ID was “dralerthelpzc8”, as in Dr Alert Help ZC8. The voice on the other end was automated, computerized and otherwise non-human, and alerted me that I had a virus that affects Windows Vista, Windows XP and Windows 7 and...
  • Blog Post: Analysis of the CVE-2011-0611 Adobe Flash Player vulnerability exploitation

    About a month ago, we blogged about an Adobe Flash Player vulnerability (CVE-2011-0609) that was actively exploited in the wild. That exploit was hidden inside a Microsoft Excel document. Over the weekend, a new Adobe Flash Player 0-day (CVE-2011-0611) was reported by Adobe in a recent advisory...
  • Blog Post: Trojan downloader Chepvil on the UPSwing

    A new spam campaign using UPS (United Parcel Service) as a social-engineering draw was initiated this week. The spammed message contains an attachment, detected as TrojanDownloader:Win32/Chepvil.I. The spam campaign actually started around March 16, 2011. The threat was originally detected as Backdoor...
  • Blog Post: Operation b107 - Rustock Botnet Takedown

    Just over one year ago, Microsoft, with industry and academic partners, used a novel combination of legal and technical actions to take control of the Win32/Waledac botnet as the first action in Project MARS (Microsoft Active Response for Security). Today, a similar action has had its legal...
  • Blog Post: MSRT January ’11: Win32/Lethic

    Win32/Lethic is a trojan that communicates with a remote server to distribute spam. Variants of Lethic install executable files with varied file names such as “shelldm.exe” or “xcllsx.exe”. The malware loads as a process when Windows starts. The trojan establishes a connection to remote servers using...
  • Blog Post: Phishing encounter while on vacation

    It was my first night in Beijing for a long-overdue vacation. I purchased a SIM card from the airport and sent SMS greetings to friends and family, and to other families in town. SMS is hugely popular and a main communication channel in China. Guess what? The first SMS I received was from a strange number...
  • Blog Post: Where is Waledac - Episode II

    The Spambot: Whilst Win32/Waledac is probably best known for the ability to send spam, it can also download and execute arbitrary files. In addition to using this downloading mechanism to update itself, Waledac can also download other malware. The MMPC has observed the download of Trojan:Win32/FakeSpypro...
  • Blog Post: Closing In on Open Relay Mail Servers

    About four months ago some new colleagues in the security business arrived in our Dublin office. They are part of the Microsoft Anti-spam team, and it is our pleasure to have them here :) The Dublin Spam team recently told us that almost every week, Microsoft Forefront Online Security for Exchange is filtering...
  • Blog Post: Where's Waledac?

    The family added to the April MSRT release is Win32/Waledac. If you haven't heard of the family before, there is a chance you may have seen some of the spam generated by Win32/Waledac in your inbox. We've blogged about some of the spam campaigns in the past, such as Fake Obama or the Valentine Devkit...
  • Blog Post: Cashing in on Conficker's Bad Name

    Over the last couple of days we've seen some spam claiming to be from Microsoft, providing a free scan to remove Conficker. Here's an example: The link actually takes you to a typical fake online scanner page used to serve up a rogue security scanner. In this case the page tries to get you...
  • Blog Post: Spam - What the Doctor Ordered?

    Periodically I'll glance into my spam folder within Outlook and see if the messages there deserve this somewhat final resting place. I spotted a number of messages that have a very similar pattern in the message body when viewed in plain-text mode - see if you can spot the pattern too... c'mon, it'll...
  • Blog Post: Little Red Riding Hood or Big Bad Wolf? Your Sweetheart or Waledac?

    Valentine's Day is almost here. While your friends and loved ones are crafting their e-cards, malware authors are also releasing their annual love letters into the mix. Win32/Waledac started a bit early; we noticed its Valentine-themed spam mails as early as January 26th. However, as Valentine's Day...
  • Blog Post: MSRT February 2009 - Win32/Srizbi

    This month's MSRT takes on one of the largest botnets currently active worldwide – Win32/Srizbi . The Srizbi family of malware consists of trojan droppers and rootkits that often spread through spam e-mails containing download links to the malware. Much like its alleged close cousin Win32/Rustock...
  • Blog Post: Waledac Trojan Hosted by Fake Obama Website

    “Now that Inauguration Day is upon the US, malware authors have a new spate of social engineering tricks up their sleeve.” We've seen Barack Obama's name used by malware authors for malevolent purposes before, during the campaign and leading up to the US Presidential Elections. Now that Inauguration...
  • Blog Post: O Come All Ye Malware

    Well, after our last post, it certainly didn't take long to see some examples of festive malware from the wild. (You'd almost think that we've seen this kind of behavior before - again and again and again...) In the last couple of days, we (and other AV vendors) have observed the arrival of several new...
  • Blog Post: Merry Malware - You’d better watch out, you’d better think twice…

    With visions of sugarplums dancing through my head constantly from around September onwards, I eagerly (and somewhat obsessively) await the festive season every year. As heralded by my son opening the first box on his advent calendar this morning to liberate the toy hidden within, as far as I am concerned...