Microsoft Malware Protection Center

Threat Research & Response Blog

Browse by Tags

  • Blog Post: Extracting the fare

    When malware is found lurking on a system, quite often it isn't acting alone. Once malware distributors have control of a system, they will do everything they can to compromise the machine and the user for maximum gain -- for instance, hijacking a browser's search results, or using rogue security software...
  • Blog Post: Are you beta testing malware?

    This post is part one of two. Popular games are often used by malware writers as social engineering bait as documented in previous blogs (" Dota Players Own3d " and " Keeping Kerrigan From Infection "). So, with a watchful eye for anything related to games used as an infection vector, we came across...
  • Blog Post: Trojan downloader Chepvil on the UPSwing

    A new spam campaign using UPS (United Parcel Service) as a social-engineering draw was initiated this week. The spammed message contains an attachment, detected as TrojanDownloader:Win32/Chepvil.I . The spam campaign actually started around March 16th 2011. The threat was originally detected as Backdoor...
  • Blog Post: Keep your Facebook friends close and your antivirus closer

    Facebook malware attacks are not new. Scams spreading via status updates have been around for a long time, but in recent weeks one threat has been getting creative in terms of social engineering. Backdoor:Win32/Caphaw.A can intercept URL requests in both Firefox and Internet Explorer and it has been...
  • Blog Post: How to defang the Fake Defragmenter

    We are tracking the trails of this fake " System Defragmenter " software since its first appearance last October 2010, and have warned our customers in our earlier post about this trojan software. In this follow-up post, we give an update including a new variant worth noting for our customers...
  • Blog Post: Analysis of the CVE-2011-0611 Adobe Flash Player vulnerability exploitation

    About a month ago, we blogged about an Adobe Flash Player vulnerability ( CVE-2011-0609 ) that was actively exploited in the wild. That exploit was hidden inside a Microsoft Excel document. Over the weekend, a new Adobe Flash Player 0-day ( CVE-2011-0611 ) was reported by Adobe in a recent advisory ...