Microsoft Malware Protection Center

Threat Research & Response Blog

  • Microsoft Malware Protection Center

    Limited Exploitation of Microsoft Security Advisory 961051

    The MSRC released a security advisory yesterday about a vulnerability in Internet Explorer. Just like our colleagues at the MSRC, we're tracking the situation very closely as we've observed the vulnerability exploited in the wild, however within a relatively limited context. Virtually all the malicious sites we've seen taking advantage of the vulnerability thus far are hosted on a variety of Chinese domains. According to the investigation thus far, the vulnerability affects Windows Internet Explorer...
  • Microsoft Malware Protection Center

    Win32/Yektel - the Other Kind of Rogue

    In addition to Win32/FakeXPA we added another rogue-related malware family to MSRT this month - Win32/Yektel. Win32/Yektel is a different kind of rogue. Like other rogues, it displays fake warnings about possible malware or spyware, but rather than pretending to be a security product itself, it tries to blend in with its surroundings. There is a very good reason to target Win32/Yektel and Win32/FakeXPA together: most of the current incarnations of FakeXPA download Yektel. Nevertheless, Yektel works...
  • Microsoft Malware Protection Center

    FakeXPA... Journey of a Rogue

    Rogue security products have been around for some years, and now they seem to be everywhere. In my previous blog about Trojan:Win32/Antivirusxp I talked about the relationships between rogue products and various other threats. One common behavior of rogue products is their ever-changing domain names and user interfaces. Most rogue products emerge and then disappear into thin air. However, a few persist and remain the "big fish" to catch. This month's addition to MSRT, Trojan:Win32/FakeXPA, is...
  • Microsoft Malware Protection Center

    O Come All Ye Malware

    Well, after our last post, it certainly didn't take long to see some examples of festive malware from the wild. (You'd almost think that we've seen this kind of behavior before - again and again and again...) In the last couple of days, we (and other AV vendors) have observed the arrival of several new 'merry' malware on the scene. First, we have Worm:Win32/Prolaco.A@mm - this is a worm that spreads via e-mail and peer-to-peer file sharing networks. It also appears to be able to spread via removable...
  • Microsoft Malware Protection Center

    Merry Malware - You’d better watch out, you’d better think twice…

    With visions of sugarplums dancing through my head constantly from around September onwards, I eagerly (and somewhat obsessively) await the festive season every year. As heralded by my son opening the first box on his advent calendar this morning to liberate the toy hidden within, as far as I am concerned, Christmas is (finally!) upon us. It feels like it gets earlier every year, and this year is no exception – especially as far as the malware authors are concerned. There are several reports that...
  • Microsoft Malware Protection Center

    More MS08-067 Exploits

    As expected, we are seeing another wave of attacks exploiting the vulnerability detailed in security bulletin MS08-067. Early last week we blogged about MS08-067 exploits. At that time, the number of exploits in the wild was still low and they were mostly targeted attacks. However, during the weekend we started receiving customer reports for new malware that exploits this vulnerability. During the last two days that malware gained momentum and as a result we see an increased support call volume...
  • Microsoft Malware Protection Center

    MSRT Review on Win32/FakeSecSen Rogues

    Win32/FakeSecSen was added to MSRT November release as Hamish mentioned in his MMPC blog. We’ve since observed MSRT removing FakeSecSen from 994,061 distinct machines. Breakdown of these removals by regions is shown as below.

      Region/Country    Distinct Machines Cleaned
      United States     548,218
      United Kingdom    74,343
      France            47,581
      Germany           43,347
      Netherlands       28,724
      Spain             23,027
      Italy...
  • Microsoft Malware Protection Center

    A Quick Update About MS08-067 Exploits

    A few weeks ago, Microsoft released an update for a vulnerability in Windows that was considered “wormable” in certain scenarios. Bulletin MS08-067 includes more information. There were limited attacks in the wild at the time of the release and we blogged about it here. We would like to give you a quick update about the attacks we've seen since then. First, it is quite obvious that people are trying to create effective exploits for this vulnerability. Almost every day, we find new variants exploiting...
  • Microsoft Malware Protection Center

    Crush, Crumble and Chomsky!

    In February of last year, SPTH said "I'm going to sleep for a number of years", which turned out to be less than two. Interestingly, this is exactly the same phrasing that roy g biv used before he switched to writing Windows viruses. The number was five-and-a-half in roy's case, and, more recently, no-one has heard from him for months. That could be a good sign. Maybe he was so disappointed by the EOF-DR-rRLF zine that he gave it all up. I remain hopeful. Anyway, back to SPTH. SPTH has written an...
  • Microsoft Malware Protection Center

    Win32/FakeSecSen - A Nasty Piece of Work

    I hate rogues. I don’t mean the World of Warcraft character class; I’m talking about rogue security software. In case you haven’t heard the term before, this is software that tells you that your system is crawling with bad stuff (for free!) and then offers to remove it for you (that’ll cost you). Of course the stuff they report is completely bogus; they are incapable of finding any real malware. What’s more they can be very insistent, repeatedly displaying popup warnings that make it virtually impossible...