Microsoft Malware Protection Center

Threat Research & Response Blog

  • Detection changes: search protection code

    In late 2014 we announced changes to our evaluation criteria regarding the way we detect programs that have search protection functionality. Microsoft security products will detect programs with browser search protection functionality from June 1, 2015. Non-compliant programs that exhibit such functionality will be detected by our software signatures that look for browser search protection code. Any program using code that can potentially perform search protection may be detected, regardless...
  • Cleaning up misleading advertisements

    The Microsoft Malware Protection Center is committed to protecting our customers and their Windows experience. We use our evaluation criteria to determine whether a program should be detected by our security products. As the software ecosystem evolves, so do our evaluation criteria. We are currently updating them to address new technology changes, industry trends, customer feedback, and our desire to help better protect our customers. We are working with the industry and our partners...
  • Social engineering tricks open the door to macro-malware attacks - how can we close it?

    Macro-malware-laden documents delivered through email spam are intentionally crafted to pique anyone's curiosity. With subjects that include sales invoices, federal tax payments, courier notifications, resumes, and donation confirmations, users can easily be tricked into reading the email and opening the attachment without thinking twice. The user opens the document and enables the macro, thinking that the document needs it to function properly – unknowingly enabling the macro...
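    As an added example (not code from the original post or from Microsoft), here is a stand-alone check of the kind a mail gateway could run on Office attachments before a user ever sees the "enable macros" prompt. It classifies a file by its contents rather than its extension and flags any OOXML package that carries a VBA project, either as an embedded vbaProject.bin part or as a macro-enabled content type declared in [Content_Types].xml. The sample documents are constructed in memory; the legacy binary (OLE2) format is only recognised, not parsed, because deciding whether an old-style .doc carries macros needs a compound-file parser that is outside this example.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Header of the legacy compound-file (OLE2) format used by .doc/.xls/.ppt.
OLE2_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"

# Content types Office declares for macro-enabled OOXML parts.
MACRO_CONTENT_TYPES = {
    "application/vnd.ms-office.vbaProject",
    "application/vnd.ms-word.document.macroEnabled.main+xml",
    "application/vnd.ms-word.template.macroEnabledTemplate.main+xml",
    "application/vnd.ms-excel.sheet.macroEnabled.main+xml",
    "application/vnd.ms-excel.template.macroEnabled.main+xml",
    "application/vnd.ms-powerpoint.presentation.macroEnabled.main+xml",
}


def classify_office_attachment(data: bytes) -> str:
    """Classify by content: 'ooxml-macro', 'ooxml-no-macro', 'ole2-legacy' or 'not-office'."""
    if data.startswith(OLE2_MAGIC):
        return "ole2-legacy"
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return "not-office"
    with zf:
        names = zf.namelist()
        if "[Content_Types].xml" not in names:
            return "not-office"  # a zip, but not an Open Packaging Conventions package
        # 1) Any VBA project part anywhere in the package is decisive.
        if any(n.lower().endswith("vbaproject.bin") for n in names):
            return "ooxml-macro"
        # 2) Otherwise trust the declared content types of the parts.
        try:
            root = ET.fromstring(zf.read("[Content_Types].xml"))
        except ET.ParseError:
            return "ooxml-macro"  # malformed manifest: treat as hostile rather than clean
        for part in root:  # <Default> and <Override> elements, attribute is unnamespaced
            if part.get("ContentType", "") in MACRO_CONTENT_TYPES:
                return "ooxml-macro"
    return "ooxml-no-macro"


def gateway_verdict(filename: str, data: bytes):
    """Policy layer: what a gateway does with the classification (hypothetical policy)."""
    kind = classify_office_attachment(data)
    if kind == "ooxml-macro":
        return ("quarantine", f"{filename}: OOXML package carries a VBA project")
    if kind == "ole2-legacy":
        return ("inspect", f"{filename}: legacy binary Office file, needs compound-file parsing")
    return ("deliver", f"{filename}: {kind}")


# --- constructed sample attachments (not real documents) -------------------
_OPC_NS = "http://schemas.openxmlformats.org/package/2006/content-types"
_DOCX_MAIN = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
_DOCM_MAIN = "application/vnd.ms-word.document.macroEnabled.main+xml"


def _build_ooxml(main_content_type: str, with_vba_part: bool) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        overrides = f'<Override PartName="/word/document.xml" ContentType="{main_content_type}"/>'
        if with_vba_part:
            overrides += ('<Override PartName="/word/vbaProject.bin" '
                          'ContentType="application/vnd.ms-office.vbaProject"/>')
        zf.writestr("[Content_Types].xml",
                    f'<?xml version="1.0" encoding="UTF-8"?><Types xmlns="{_OPC_NS}">'
                    f'<Default Extension="xml" ContentType="application/xml"/>{overrides}</Types>')
        zf.writestr("word/document.xml", "<w:document/>")
        if with_vba_part:
            zf.writestr("word/vbaProject.bin", b"\x00constructed placeholder, not a real VBA project")
    return buf.getvalue()


SAMPLE_DOCM = _build_ooxml(_DOCM_MAIN, with_vba_part=True)
SAMPLE_DOCM_DECLARED_ONLY = _build_ooxml(_DOCM_MAIN, with_vba_part=False)
SAMPLE_DOCX = _build_ooxml(_DOCX_MAIN, with_vba_part=False)
SAMPLE_LEGACY = OLE2_MAGIC + b"\x00" * 32

if __name__ == "__main__":
    for name, blob in [("invoice.docm", SAMPLE_DOCM), ("resume.docx", SAMPLE_DOCX),
                       ("taxes.doc", SAMPLE_LEGACY), ("notes.txt", b"just text")]:
        print(gateway_verdict(name, blob))
```

    The check deliberately ignores the file extension: the classification is what the package itself declares, so a renamed attachment gets the same verdict. The legacy format is flagged for inspection rather than quarantined outright, since many benign .doc files exist; a real deployment would hand those to a tool that parses the OLE2 storage.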
  • MSRT April: Unskal, Saluchtra, Dexter and IeEnablerCby

    This month we added four new malware families to the Malicious Software Removal Tool: Win32/Saluchtra, Win32/Dexter, Win32/Unskal and Win32/IeEnablerCby, further protecting customers against malicious activity. IeEnablerCby is an unwanted software family that can install browser add-ons or extensions without asking for your permission. The other three are malware families with information-stealing capabilities on a compromised system. This blog will focus on Unskal, a point-of...
  • Bioazih RAT: How clean-file metadata can help keep you safe

    As mentioned in our previous blog post about the Microsoft Clean-File Metadata initiative, there are a number of benefits for partners and customers who use our clean or released-file metadata, specifically during antimalware whitelisting efforts. Using the authoritative metadata manifest of Microsoft-released files in our clean-file metadata feed can reduce the antimalware resources spent looking for known-bad files by excluding files already known to be good. It can also help our...
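    As an added illustration (not code from the original post, and not the format of the clean-file metadata feed itself), the following shows the whitelisting step in miniature: a manifest keyed by SHA-256, candidate files matched on content hash rather than on name, and a file whose name matches a released binary but whose hash does not singled out for a closer look. The manifest entries, file paths and file contents are all constructed for the example.

```python
import hashlib
import ntpath
from typing import Dict, List, Tuple


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for released file contents. In practice the manifest
# comes from the authoritative feed and the hashes are those of the real binaries.
_RELEASED_FILES = {
    "calc.exe": b"constructed stand-in for a released calc.exe",
    "notepad.exe": b"constructed stand-in for a released notepad.exe",
}

# The manifest is keyed by content hash, never by name: hash -> released file name.
CLEAN_MANIFEST: Dict[str, str] = {sha256_hex(c): n for n, c in _RELEASED_FILES.items()}
RELEASED_NAMES = {n.lower() for n in _RELEASED_FILES}


def triage(candidates: List[Tuple[str, bytes]]) -> Dict[str, List[str]]:
    """Split (path, content) pairs into three buckets.

    known_good: hash is in the manifest, so no signature scan is needed.
    lookalike:  name matches a released file but the hash does not; worth a closer look
                (could be an unlisted version, could be something borrowing the name).
    scan:       everything else goes through the normal antimalware pipeline.
    """
    buckets: Dict[str, List[str]] = {"known_good": [], "lookalike": [], "scan": []}
    for path, content in candidates:
        if sha256_hex(content) in CLEAN_MANIFEST:
            buckets["known_good"].append(path)
        elif ntpath.basename(path).lower() in RELEASED_NAMES:
            buckets["lookalike"].append(path)
        else:
            buckets["scan"].append(path)
    return buckets


# Constructed batch: a genuine released file, a same-named impostor, and an unknown.
SAMPLE_BATCH = [
    (r"C:\Windows\System32\calc.exe", _RELEASED_FILES["calc.exe"]),
    (r"C:\Users\bob\Downloads\calc.exe", b"constructed bytes that only borrow the name"),
    (r"C:\Users\bob\Downloads\update.exe", b"constructed bytes of an unknown binary"),
]

if __name__ == "__main__":
    for bucket, paths in triage(SAMPLE_BATCH).items():
        print(bucket, paths)
```

    Only the hash decides "known good"; a name match on its own never exempts a file from scanning. The lookalike bucket is a triage hint, not a verdict: a file can land there simply because its version is absent from the manifest, so it is routed to scanning plus a note rather than blocked.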
  • Microsoft partners with Interpol, industry to disrupt global malware attack affecting more than 770,000 PCs in past six months

    'Simda.AT' is designed to divert Internet traffic to disseminate other types of malware. Today Interpol and the Dutch National High Tech Crime Unit (DNHTCU) announced the disruption of Simda.AT, a significant malware threat affecting more than 770,000 computers in over 190 countries. The Simda.AT variant first appeared in 2012. It is a widely distributed malware family that causes significant damage to users by manipulating internet traffic and spreading other malware. Interpol coordinated...
  • Upatre update: infection chain and affected countries

    Upatre is a type of malware that is typically installed on a machine after a person is tricked into clicking a link or opening an attachment in a spam email. Since January 2015, we have seen such spam emails commonly distributed by variants of the Hedsen and Cutwail malware families. Upatre's malicious actions vary, but it commonly acts as a central distribution platform for a number of other threat families. For example: The malware reaches out to a command-and-control...
  • MSRT March: Superfish cleanup

    This month we added two new families to the Microsoft Malicious Software Removal Tool: Win32/CompromisedCert and Win32/Alinaos. The Alinaos trojan family targets point-of-sale terminals to steal credit card information. This blog will discuss the security risk presented by Superfish, an ad-injecting application that we detect as CompromisedCert. Some new Lenovo consumer notebooks sold between September 2014 and February 2015 had Superfish pre-installed. In February, it was discovered that...
  • Monitoring tools: user notification required

    The Microsoft Malware Protection Center (MMPC) helps to keep Windows customers in control of their computing experience, information, and privacy. We use objective criteria to help protect customers against malware and unwanted software. This means helping to protect you against monitoring software that maliciously collects and provides unauthorized access to your private data. We are aware of social engineering campaigns that target users in Eastern Europe and Brazil using monitoring software...
  • Microsoft Malware Protection Center assists in disrupting Ramnit

    The recent disruption of the Ramnit malware family was successful due to a multinational collaboration, led by Europol's European Cybercrime Centre (EC3), in partnership with the Financial Services Information Sharing and Analysis Center (FS-ISAC), Symantec, AnubisNetworks, Microsoft's Digital Crimes Unit (DCU), and the Microsoft Malware Protection Center (MMPC). The MMPC has been closely monitoring Ramnit since its discovery in April 2010, as you can see by reading: Ramnit - The renewed...