Microsoft Malware Protection Center
Threat Research & Response Blog
Tagged Content List
Insights into Win32/Bradop
Have you heard of Win32/Bradop? We recently investigated this interesting data theft family in more detail and exposed some of its inner secrets. The following is a description of what we found out. Spoiler alert: spam emails, protectors, the download mechanism, database credentials, stolen data, and...
15 Jun 2012
There's a cream for that
The other day, while previewing messages in my inbox, I saw a conspicuous message with the following parameters, typos included: To: (email address) CC: (email address),... Subject: Your ex sent me this pciture of you. Body: Hey (email address), Your ex sent me this picture claiming it's you. Is it...
12 Mar 2012
Stratfor customers targeted by cybercriminals
Cybercriminals are continuing to use a social engineering trick to lure users for their malware campaigns. This time, they targeted customers of Stratfor - a subscription-based provider of geopolitical analysis. Attacks against Stratfor clients began after a reported breach of their customer database...
13 Feb 2012
Friendly spam carries Zbot
This morning I spotted a few messages from my mobile carrier in my email inbox. This was not surprising as, only a few hours prior, I had logged into the carrier's website to pay the monthly bill. The standard mode of operation for my provider is to receive a bill via email, and a confirmation message...
6 Dec 2011
MSRT November: Dofoil
As previously noted, one of the three families added to the November release of the Microsoft Malicious Software Removal Tool is Win32/Dofoil. TrojanDownloader:Win32/Dofoil is a configurable downloader. Dofoil will attempt to receive control instructions from a remote server. The response contains...
22 Nov 2011
Getting tagged and your privacy
This morning my Facebook email address was invaded with spam (scam-spam, as I call it) from people in my friends list with subject titles similar to the following: "<Some Friend1> invited you to the event You Gotta See This Exciting Feature!!<random number>" "<Some Friend 2>...
21 Jun 2011
Fake Canadian pharma site causing headaches
I awoke the other day to a friend calling me and exclaiming into the phone: "My Yahoo email account was hacked!!!" He had been angrily accused by others in his contact list of sending spam messages and sharing inappropriate website links. Most of the questions he fielded had the same query: "Why...
1 Jun 2011
Slick links linked to slinky Winwebsec
I received a spam email from a friend lately after which I immediately notified him of a potential malware infection. He insisted his technician had taken care of the infection once and for all. After I returned from my vacation I received another three spam mails from him. This time...
3 May 2011
Scam emails - the cost of response
Recently, I received an email in my personal inbox with a subject line "MYSTERY SHOPPER ASSISTANT" (the message did not filter to my junk folder and was not marked as spam). [Image 1: "Mystery shopper assistant" spam] I'm familiar with the hobby of mystery shopping, a service provided under contract...
20 Apr 2011
Doctor Who calling–on Skype, with malware
Earlier this week, I received a phone call via Skype on my laptop; the caller's ID was "dralerthelpzc8", as in Dr Alert Help ZC8. The voice on the other end was automated, computerized and otherwise non-human, and alerted me that I had a virus that affects Windows Vista, Windows XP and Windows 7 and...
15 Apr 2011
Analysis of the CVE-2011-0611 Adobe Flash Player vulnerability exploitation
About a month ago, we blogged about an Adobe Flash Player vulnerability (CVE-2011-0609) that was actively exploited in the wild. That exploit was hidden inside a Microsoft Excel document. Over the weekend, a new Adobe Flash Player 0-day (CVE-2011-0611) was reported by Adobe in a recent advisory...
12 Apr 2011
Trojan downloader Chepvil on the UPSwing
A new spam campaign using UPS (United Parcel Service) as a social-engineering draw was initiated this week. The spammed message contains an attachment, detected as TrojanDownloader:Win32/Chepvil.I. The spam campaign actually started around March 16th 2011. The threat was originally detected as Backdoor...
25 Mar 2011
Operation b107 - Rustock Botnet Takedown
Just over one year ago, Microsoft, with industry and academic partners, used a novel combination of legal and technical actions to take control of the Win32/Waledac botnet as the first action in Project MARS (Microsoft Active Response for Security). Today, a similar action has had its legal...
17 Mar 2011
MSRT January ‘11: Win32/Lethic
Win32/Lethic is a trojan that communicates with a remote server to distribute spam. Variants of Lethic install executable files with varied file names such as "shelldm.exe" or "xcllsx.exe". The malware loads as a process when Windows starts. The trojan establishes a connection to remote servers using...
11 Jan 2011
Phishing encounter while on vacation
It was my first night in Beijing for a long-overdue vacation. I purchased a SIM card from the airport and sent SMS greetings to friends and family and other families in town. SMS is hugely popular and a main communication channel in China. Guess what? The first SMS I received was from a strange number...
23 Dec 2010
Where is Waledac - Episode II
The Spambot. Whilst Win32/Waledac is probably best known for the ability to send spam, it can also download and execute arbitrary files. In addition to using this downloading mechanism to update itself, Waledac can also download other malware. The MMPC has observed the download of Trojan:Win32/FakeSpypro...
7 May 2009
Closing In on Open Relay Mail Servers
About four months ago, some new colleagues in the security business arrived in our Dublin office. They are part of the Microsoft Anti-spam team and it is our pleasure to have them here :) The Dublin Spam team recently told us that almost every week, Microsoft Forefront Online Security for Exchange is filtering...
5 May 2009
The family added to the April MSRT release is Win32/Waledac. If you haven't heard of the family before, there is a chance you may have seen some of the spam generated by Win32/Waledac in your inbox. We've blogged about some of the spam campaigns in the past, such as Fake Obama or the Valentine Devkit...
14 Apr 2009
Cashing in on Conficker's Bad Name
Over the last couple of days we've seen some spam claiming to be from Microsoft, providing a free scan to remove Conficker. Here's an example: [image of the spam message] The link actually takes you to a typical fake online scanner page used to serve up a rogue security scanner: [image of the fake scanner page] In this case the page tries to get you...
9 Apr 2009
Spam - What the Doctor Ordered?
Periodically I'll glance into my spam folder within Outlook and see if the messages there deserve this somewhat final resting place. I spotted a number of messages that have a very similar pattern in the message body when viewed in plain-text mode - see if you can spot the pattern too... c'mon, it'll...
9 Mar 2009
Little Red Riding Hood or Big Bad Wolf? Your Sweetheart or Waledac?
Valentine's Day is almost here. While your friends and loved ones are crafting their e-cards, malware authors are also releasing their annual love letters into the mix. Win32/Waledac started a bit early; we noticed its Valentine-themed spam mails as early as January 26th. However, as Valentine's Day...
13 Feb 2009
MSRT February 2009 - Win32/Srizbi
This month's MSRT takes on one of the largest botnets currently active worldwide – Win32/Srizbi . The Srizbi family of malware consists of trojan droppers and rootkits that often spread through spam e-mails containing download links to the malware. Much like its alleged close cousin Win32/Rustock...
10 Feb 2009
Waledac Trojan Hosted by Fake Obama Website
“Now that Inauguration Day is upon the US, malware authors have a new spate of social engineering tricks up their sleeve.” We've seen Barack Obama's name used by malware authors for malevolent purposes before, during the campaign and leading up to the US Presidential Elections. Now that Inauguration...
19 Jan 2009
O Come All Ye Malware
Well, after our last post, it certainly didn't take long to see some examples of festive malware from the wild. (You'd almost think that we've seen this kind of behavior before - again and again and again...) In the last couple of days, we (and other AV vendors) have observed the arrival of several new...
4 Dec 2008
Merry Malware - You’d better watch out, you’d better think twice…
With visions of sugarplums dancing through my head constantly from around September onwards, I eagerly (and somewhat obsessively) await the festive season every year. As heralded by my son opening the first box on his advent calendar this morning to liberate the toy hidden within, as far as I am concerned...
2 Dec 2008
© 2013 Microsoft Corporation.