Microsoft Malware Protection Center

Threat Research & Response Blog

  • MSRT August 2015: Vawtrak

    As part of our ongoing effort to provide better malware protection, we are adding the following detections to the Microsoft Malicious Software Removal Tool (MSRT) this month: Win32/Vawtrak, Win32/Critroni, Win32/Kasidet. Critroni is a ransomware malware family that can lock your files and ask you to pay money to regain access to them. Variants in the Kasidet family can steal your sensitive information and send it to a remote attacker. This blog has more information about the Vawtrak...
  • Emerging ransomware: Troldesh

    Troldesh (detected as variants of Win32/Troldesh) started to show up in the early part of 2015 and became more prevalent in June this year. Overall detections have so far lessened in July - except for a notable spike around the 8th of the month, shown in Figure 1. Figure 1: Troldesh detections over the past four months. We are unable to determine the exact cause of this spike, and it might be attributed to a push by the Axpergle or Neclu exploit kits (also known as Nuclear) during that time...
  • MSRT July 2015: Crowti

    In our ongoing effort to provide malware protection, we are adding the following detections to the Microsoft Malicious Software Removal Tool (MSRT) this month: Win32/Crowti, Win32/Reveton. Crowti, a file encryption threat, is one of the top prevalent ransomware families. We have recently seen it sent as a spam email attachment with formats similar to those shown below: Figure 1: Email spam samples delivering Crowti as an attachment. As well as using spam emails as the entry...
  • Understanding type confusion vulnerabilities: CVE-2015-0336

    In March 2014, we observed a patched Adobe Flash vulnerability (CVE-2015-0336) being exploited in the wild. Adobe released the patch on March 12, 2014, and exploit code using this vulnerability first appeared about a week later. To help stay protected: Keep your Microsoft security software, such as Windows Defender for Windows 8.1, up-to-date. Keep your third-party software, such as Adobe Flash Player, up-to-date. Be cautious when browsing potentially malicious or compromised...
  • MSRT June 2015: BrobanDel

    Providing further protections for our customers, this month we added three new malware families and two variants to the Microsoft Malicious Software Removal Tool (MSRT): Win32/Bagopos, Win32/BrobanDel, Win32/Gatak, PWS:Win32/OnLineGames.AH, PWS:Win32/OnLineGames.MV. Gatak is a family of information-stealing malware that collects sensitive information and sends it to a remote attacker, if a system is compromised. Bagopos is another information-stealing malware family that...
  • Windows 10 to offer application developers new malware defenses

    Application developers can now actively participate in malware defense - in a new way to help protect customers from dynamic script-based malware and non-traditional avenues of cyberattack. Microsoft is making that possible through the Antimalware Scan Interface (AMSI) - a generic interface standard that allows applications and services to integrate with any antimalware product present on a machine. AMSI is currently available through the Windows 10 Technical Preview, and will be fully available...
  • Detection changes: search protection code

    In late 2014 we announced changes to our evaluation criteria regarding the way we detect programs that have search protection functionality. Microsoft security products will detect programs with browser search protection functionality from June 1, 2015. Non-compliant programs that exhibit such functionality will be detected by our software signatures that look for browser search protection code. Any program using code that can potentially perform search protection may be detected, regardless...
  • Cleaning up misleading advertisements

    The Microsoft Malware Protection Center is committed to protecting our customers and their Windows experience. We use our evaluation criteria to determine if a program should be detected by our security products. As the software ecosystem evolves, so does our evaluation criteria. We are currently updating our evaluation criteria to address new technology changes, industry trends, customer feedback, and our desire to help better protect our customers. We are working with the industry and our partners...
  • Social engineering tricks open the door to macro-malware attacks - how can we close it?

    The macro-malware-laden documents that target email users through spam are intentionally crafted to pique any person's curiosity. With subjects that include sales invoices, federal tax payments, courier notifications, resumes, and donation confirmations, users can be easily tricked into reading the email and opening the attachment without thinking twice. The user opens the document and enables the macro, thinking that the document needs it to function properly – unknowingly enabling the macro...
  • MSRT April: Unskal, Saluchtra, Dexter and IeEnablerCby

    This month we added four new malware families to the Malicious Software Removal Tool: Win32/Saluchtra, Win32/Dexter, Win32/Unskal and Win32/IeEnablerCby, further protecting customers against malicious activity. IeEnablerCby is an unwanted software family that can install browser add-ons or extensions without asking for your permission. The other three malware families also have similar information stealing capabilities, if a system is compromised. This blog will focus on Unskal, a point-of...