As we first reported in the Microsoft Security Report Volume 13 , Keygens have become the number one threat reported by users of Microsoft antimalware products. The research also indicates that 76 percent of users that downloaded Keygen or software cracks were also exposed to other, more dangerous malware. Keygens are typically not very dangerous on their own. However, malware authors are having great success using deceptive downloads that either pretend to be Keygens or contain them as well as...

In order to evaluate the performance of their protection provider, customers need to rely on information that goes beyond what external certifications and comparative tests can provide. Today we’re releasing a whitepaper, called " Evaluating Microsoft’s protection performance and capabilities ," that we believe will help customers with these evaluations. The whitepaper describes the measurements we use to track our effectiveness across quality, customer experience, and protection coverage...

Exploitation of software vulnerabilities continues to be a common way to infect computers with malware. Leveraging exploits allows malware authors to infect, disrupt, or take control of a computer without the user’s consent and typically without their knowledge. Exploits target vulnerabilities in operating systems, web browsers, applications, or software components that are installed on the computer. For details on exploit trends and insights on security vulnerabilities please refer to the...

In today’s threat landscape, distributing malware and developing malware are two different worlds. Both require a different set of skills in order to work and in order to achieve their separate goals. For example, in my blog post Get gamed and rue the day... , I described a bot-controlled worm in which the code fragment suggested that it belonged to an offensive development called “Andromeda”. This story about the Gamarue worm is a good example of the differences between the...

People act differently at home and at work, so it’s no surprise that malware also acts differently at home and in enterprise. As seen in the latest edition of the Microsoft Security Intelligence Report , there are plain differences between the two, with some new changes as well. The Conficker worm and other worms are still relatively dangerous to enterprise computers, but IFrameRef has now replaced these worms as the number one threat at work. IFrameRef is a detection for a small piece of...

How important is it really to run antivirus software? That’s a question that has been asked by many people: your average user who might question the effort required to install it or keep their subscription up-to-date, the tech-savvy user who feels their knowledge and safe Internet skills are enough to keep them out of trouble, and the technology decision-maker who has to justify the cost to their business are just a few examples. However, every single one of those people who question the...

This morning, we released Volume 14 of the Microsoft Security Intelligence Report (SIRv14). This new report studies our findings on trends in the threat landscape based on data from more than 1 billion systems worldwide, focusing on data collected in the second half of 2012. One interesting trend we saw surfacing in the enterprise was an increase in web-based threats. The enterprise has traditionally put a lot of effort into dealing with network worms, commonly mitigated with configuration and...

Java exploits represent a common attack vector used by the bad guys to infiltrate vulnerable computers via the web browser. We wrote about the rise of Java exploits as early as 2010 , and we haven't seen that trend decline. In fact, in the first quarter of 2013 alone, we've seen three Java remote code execution vulnerabilities being exploited in the wild: CVE-2013-0422 , CVE-2013-0431 , and CVE-2013-1493 . In response, Oracle recently introduced a new security feature regarding the way unsigned Java...

We recently came across an interesting threat that we detect as TrojanDownloader:Win32/Nemim.gen!A . This particular malware is a trojan downloader, and is capable of deleting its downloaded component files in a way that makes them essentially unrecoverable. This prevents the files from being isolated and analysed. Thus, during analysis of the downloader, we may not easily find any downloaded component files on the system; even when using file recovery tools, we may see somewhat suspicious deleted...

We can safely say that since we encountered our first rogue, they've always commanded a presence in the malware ecosystem. That was, until recently we observed a decrease in rogue activity. That's not to say they went away altogether – no, not at all – but towards the end of January we did see markedly fewer of them, with a period of about two weeks where we did not see any new undetected samples. That was, as I mentioned, until recently… Shortly after that, we saw the reappearance...