Microsoft Malware Protection Center

Threat Research & Response Blog

  • Microsoft Malware Protection Center

    Microsoft Security Intelligence Report Volume 14 released today

    This morning, we released Volume 14 of the Microsoft Security Intelligence Report (SIRv14). This new report studies our findings on trends in the threat landscape based on data from more than 1 billion systems worldwide, focusing on data collected in the second half of 2012. One interesting trend we saw surfacing in the enterprise was an increase in web-based threats. The enterprise has traditionally put a lot of effort into dealing with network worms, commonly mitigated with configuration and...
  • Microsoft Malware Protection Center

    Windows 8 and Keygens

    As we first reported in the Microsoft Security Report Volume 13, Keygens have become the number one threat reported by users of Microsoft antimalware products. The research also indicates that 76 percent of users that downloaded Keygen or software cracks were also exposed to other, more dangerous malware. Keygens are typically not very dangerous on their own. However, malware authors are having great success using deceptive downloads that either pretend to be Keygens or contain them as well as...
  • Microsoft Malware Protection Center

    Threats at home and work

    People act differently at home and at work, so it’s no surprise that malware also acts differently at home and in the enterprise. As seen in the latest edition of the Microsoft Security Intelligence Report, there are plain differences between the two, with some new changes as well. The Conficker worm and other worms are still relatively dangerous to enterprise computers, but IFrameRef has now replaced these worms as the number one threat at work. IFrameRef is a detection for a small piece of...
  • Microsoft Malware Protection Center

    Distribution vs. development: What’s the story and why does it matter?

    In today’s threat landscape, distributing malware and developing malware are two different worlds. Each requires a different set of skills in order to work and to achieve its separate goals. For example, in my blog post Get gamed and rue the day..., I described a bot-controlled worm in which the code fragment suggested that it belonged to an offensive development called “Andromeda”. This story about the Gamarue worm is a good example of the differences between the...
  • Microsoft Malware Protection Center

    The rise in the exploitation of old PDF vulnerabilities

    Exploitation of software vulnerabilities continues to be a common way to infect computers with malware. Leveraging exploits allows malware authors to infect, disrupt, or take control of a computer without the user’s consent and typically without their knowledge. Exploits target vulnerabilities in operating systems, web browsers, applications, or software components that are installed on the computer. For details on exploit trends and insights on security vulnerabilities please refer to the...
  • Microsoft Malware Protection Center

    New whitepaper: Evaluating Microsoft's protection performance and capabilities

    In order to evaluate the performance of their protection provider, customers need to rely on information that goes beyond what external certifications and comparative tests can provide. Today we’re releasing a whitepaper, called "Evaluating Microsoft’s protection performance and capabilities," that we believe will help customers with these evaluations. The whitepaper describes the measurements we use to track our effectiveness across quality, customer experience, and protection coverage...
  • Microsoft Malware Protection Center

    Browser extension hijacks Facebook profiles

    We have received reports about a wave of malicious browser extensions trying to hijack Facebook profiles. This threat was first discovered in Brazil. We detect it as Trojan:JS/Febipos.A. The malware is a malicious browser extension specifically targeting Chrome and Mozilla Firefox. When installed, it attempts to update itself using the following URLs: Chrome browser: du-pont.info/updates/<removed>/BL-chromebrasil.crx Mozilla Firefox browser: du-pont.info/updates/<removed>...
  • Microsoft Malware Protection Center

    Meet the new paid-archive malware families

    In a previous post, "Fake apps: Behind the effective social strategy of fraudulent paid-archives," we exposed the social engineering technique behind Win32/Pameseg - our detection for a family of "paid-archives." We described the use of "low-ball" techniques and explained how users are led to believe they are making an informed choice. However, the choice ultimately leads to the user being deceived into doing what the attacker wants - downloading and executing an installer. The scheme begins...
  • Microsoft Malware Protection Center

    CVE-2012-1876: Recent update to the Cool Exploit Kit landing page

    A recently debuted exploit kit (EK), called "Cool EK" and detected by us with the name Exploit:JS/Coolex, has been known to include various exploits targeting everything from Oracle JRE, Adobe Reader, and Adobe Flash Player to Windows kernel-mode drivers. If you’re unlucky enough to visit a webpage that hosts Cool EK, you might encounter all these exploits in the one place, turned against you in a barrage designed to compromise your computer. Recently there was an update to the kit’s armaments to include...
  • Microsoft Malware Protection Center

    Updated data shows prevalence of Java malware in 2012

    Recently we released the Microsoft Security Intelligence Report volume 14. The report initially presented data showing reduced Java malware detections in Q3 2012 and gaining prevalence in Q4 of 2012. During a later review of the backend data, we found that we were missing some detection counts from our initial calculations. We have revised the data, and Figure 1 shows the updated graph. (Figure 1: Machine count of detections for each exploit category.) From Figure 1, what we can see...