Microsoft Malware Protection Center

Threat Research & Response Blog

  • Microsoft Malware Protection Center

    MSRT Nov' 11: Cridex - the hex of Skidlo

    Earlier, we discussed Win32/Carberp, a malware family included in the November release of the Malicious Software Removal Tool. In this post, we discuss another included malware, Win32/Cridex. Win32/Cridex is a relatively new family; we discovered its first variant in the wild in August 2011. This trojan is primarily downloaded and installed by other malware, detected as TrojanDownloader:Win32/Skidlo. Win32/Skidlo is commonly distributed as an attachment to spammed email, using various names...
  • Microsoft Malware Protection Center

    MSRT November '11: Carberp

    We included three threat families in the November edition of the Microsoft Malicious Software Removal Tool - Win32/Carberp, Win32/Cridex and Win32/Dofoil. In this post, we discuss Win32/Carberp. The first variant of Win32/Carberp was discovered early last year. This malware has evolved from a trojan downloader that downloads an additional password stealer, such as PWS:Win32/Ldpinch, to a full-fledged banking trojan and user-mode rootkit with the ability to load malicious plugins on-the-fly. One...
  • Microsoft Malware Protection Center

    Poison and EyeStye, by the numbers

    The latest MSRT release included coverage for two more malware families, one being Win32/EyeStye, which we discussed earlier this month, and the other being Win32/Poison. In tandem with our efforts to provide an antidote to the scourge of Win32/Poison infections via the MSRT, we've also today published a detailed MMPC Threat Report on the same family. This Microsoft Malware Protection Center (MMPC) Threat Report provides an overview of the Win32/Poison (Poison Ivy) family of malware. The report...
  • Microsoft Malware Protection Center

    Update on the Zbot spot!

    Hello Internet! I'm back to update you on our changes to Zbot in the Malicious Software Removal Tool (MSRT). We reviewed the data coming back from MSRT in September and incorporated the findings into October's MSRT (and beyond), which means we are now in a position to provide additional information. As I mentioned in the previous blog post, the purpose of our special Zbot September update was to glean an insight into the effectiveness of MSRT against this prolific threat. Couple that with a focus...
  • Microsoft Malware Protection Center

    Get gamed and rue the day...

    As we discussed last week, socially engineered threats are specially crafted threats designed to lure the eye and trick the mind - they look legitimate or benign, and in the worst case, may take advantage of a trusted relationship by utilizing a compromised account or familiar website. Social engineering techniques may be used in isolation, but are often used by attackers in tandem with other types of exploit in order to perform the attacker's real purpose - delivering the payload. What follows is...
  • Microsoft Malware Protection Center

    There’s more than one way to skin an orange…

    When it comes to attacking a system, and compromising its data and/or resources, there are several different methods that an attacker can choose. One of the more effective ways to make a successful compromise is to take advantage of perceived vulnerabilities in the targeted system. A vulnerability refers to a characteristic of a system that renders it susceptible to some form of attack. Kind of like a weakness, but a weakness that does not necessarily indicate a problem with the system’s design....
  • Microsoft Malware Protection Center

    Mobile threats on the desktop

    The MMPC has been routinely monitoring threats (via the desktop) that affect different mobile platforms such as Symbian, Java ME, Android, RIM, iOS and Windows Mobile. One of the increasingly common ways we see mobile devices being compromised is by allowing the user to download and install applications independently. Because the consumer cannot know whether an app might be malicious, protection from mobile threats on the desktop is vital. We have observed mobile malware posing as a new...
  • Microsoft Malware Protection Center

    SIRv11: Putting Vulnerability Exploitation into Context

    As Vinny Gullotto, our GM, blogged earlier in the week, the 11th edition of the Security Intelligence Report (SIRv11) has been released. One of the new areas of research in this release is a study of the most prevalent kinds of vulnerability exploitation and how much of that exploitation is 0-day (short for zero-day, an attack or exploitation of a vulnerability without an available update). We took two paths to find this answer. The first was an analysis of how the top families found by the Microsoft...
  • Microsoft Malware Protection Center

    MSRT October '11: EyeStye

    This month, the Malicious Software Removal Tool (MSRT) targets two families: Win32/EyeStye and Win32/Poison. EyeStye (aka 'SpyEye') is a family of trojans that steals information, targeting authentication data used for online banking such as passwords and digital certificates. The method it employs is called "form grabbing", which involves the interception of webform data submitted to the host through the client's browser. By intercepting this data, authentication information can be stolen...
  • Microsoft Malware Protection Center

    New: Microsoft Security Intelligence Report Volume 11- Now Available

    Hi again, everyone! Today we released the 11th volume of the Microsoft Security Intelligence Report, also known as SIRv11. I have to say once again we've outdone ourselves and launched the largest and most comprehensive version of this report to date. This time it's over 800 pages of threat intelligence spanning 100+ countries and regions around the world. The report provides threat trends and data analysis on topics like software vulnerabilities, exploits, malicious code and potentially...