Welcome to TechNet Blogs Sign in | Join | Help

April 2009 - Posts

Protecting Our Customers From Half a Million New Unique Malicious Files Every Day

Posted Thursday, April 30, 2009 11:34 AM by mmpc
You might find it hard to believe, but that’s the number of new unique malware samples we detect on average every day in the wild. During the second half of 2008 our products detected a total of nearly 95 million unique malicious files. The total number Read More...
(Comments Off)

Windows Addresses the Changing AutoRun Threat Environment

Posted Tuesday, April 28, 2009 10:00 AM by mmpc
AutoRun is the ability for a device, through the use of autorun.inf, to expose a set of tasks for the user to choose upon insertion of new media into the computer. This could be a USB drive, a CD or DVD, a network drive, or any other additions of new Read More...
(Comments Off)

DOTA Players...0wn3d?!?

Posted Monday, April 27, 2009 9:35 PM by mmpc
--Rdy all? --Mode -AP --Starting in 5 --4 --3 --2 --1 This is the typical scene in DOTA before a game starts. DOTA (Defense of the Ancients) is a very popular custom- made scenario map for Warcraft III. Popular enough that there is even a hit song named Read More...
(Comments Off)

Vundo Employs Worm Behavior

Posted Wednesday, April 22, 2009 11:35 PM by mmpc
Vundo is a malware family that doesn't need any introduction. It was one of the families added into the MSRT and remains in the top 10 detections every month. It is commonly reported as a nuisance due to the incessant popups that it delivers to the user Read More...
(Comments Off)

Malware Distribution Across Operating Systems

Posted Tuesday, April 21, 2009 11:55 PM by mmpc
Depending on your background, you may find different sections of the newly published Microsoft Security Intelligence Report (SIR) to be of more interest. In today’s post, we would like to highlight the section on infection rates based on the operating Read More...
0 Comments

MSRT and MMPC in 2H08 – Microsoft Security Intelligence Report

Posted Friday, April 17, 2009 6:15 PM by mmpc
The MSRT added the following threat families in 2H08. Rogues and botnet malware were the focus during the six months. New Family Note Added in Computers Cleaned by the MSRT in 2H08 Win32/Horst CAPTCHA breaking threat July 235,318 Win32/Matcash Downloader Read More...
(Comments Off)

Threats at Home and at Work

Posted Thursday, April 16, 2009 5:00 PM by mmpc
It’s pretty obvious that people often behave differently at home and at work. Microsoft has found that malware and potentially unwanted software are encountered differently and act differently in the two environments. The following graph shows the difference Read More...
(Comments Off)

An Introduction to MMPC's Paladin (Automated Vulnerability Analysis)

Posted Wednesday, April 15, 2009 5:25 PM by mmpc
Paladin describes a set of internal tools that automate the steps a researcher would take to understand how a given exploit takes advantage of a given vulnerability. As of today, these tools are not for public consumption. These tools take as input a Read More...
(Comments Off)

Where's Waledac?

Posted Tuesday, April 14, 2009 4:05 PM by mmpc
The family added to the April MSRT release is Win32/Waledac . If you haven't heard of the family before, there is a chance you may have seen some of the spam generated by Win32/Waledac in your inbox. We've blogged about some of the spam campaigns in the Read More...
(Comments Off)

Did You Say Malware? Where?

Posted Monday, April 13, 2009 12:00 PM by mmpc
Customers often look for information about malware that may affect them. For the last couple of years, we have shown that malware doesn’t spread evenly across the globe, despite the global nature of the Internet. Threats that rely on social engineering, Read More...
(Comments Off)

Yes, SIR, More Rogues!

Posted Friday, April 10, 2009 8:30 AM by mmpc
As Vinny mentioned in his post , the data in our recently released Microsoft Security Intelligence Report (SIR) clearly shows what we've been seeing in our day-to-day research over the last six months or so - rogue security software is getting more prevalent. Read More...
(Comments Off)

Win32/Conficker Variants Update

Posted Thursday, April 09, 2009 6:53 PM by mmpc
There have been new developments in the Conficker arena within the past couple of days.  We would like to inform those who are concerned that the MMPC is working to make sure you have the information you need, first to be protected from any threat; Read More...
0 Comments

Cashing in on Conficker's Bad Name

Posted Thursday, April 09, 2009 1:25 PM by mmpc
Over the last couple of days we've seen some spam claiming to be from Microsoft, providing a free scan to remove Conficker . Here's an example: The link actually takes you to a typical fake online scanner page used to serve up a rogue security scanner: Read More...
(Comments Off)

Who's at Risk on the Internet Today? We All Are. Act Accordingly…

Posted Wednesday, April 08, 2009 12:00 AM by mmpc
Here at the Microsoft Malware Protection Center (MMPC) we look for ways to share the valuable data, insights and expertise that we have with our customers on a regular basis. We just released the sixth volume of our Microsoft Security Intelligence Report Read More...
(Comments Off)

Birthday Problem and Conficker

Posted Monday, April 06, 2009 4:30 PM by mmpc
Hide behind huge numbers, making fighting against very expensive Birthday problem or paradox is the probability that, from a given set of people, two of them will have the same birthday. It is a paradox because the result defies common sense. For a group Read More...
(Comments Off)

A Few Quiet Days… and a New Exploit of MS08-067 Has Been Identified

Posted Friday, April 03, 2009 5:15 PM by mmpc
April 1st is behind us and nothing really happened with Conficker . But it is never boring in the antimalware world. We have found a new exploit of MS08-067 other than Conficker. We also discovered that we already detected and protected users against Read More...
(Comments Off)

New 0-day Exploits Using PowerPoint Files

Posted Thursday, April 02, 2009 4:19 PM by mmpc
The Microsoft Security Response Center has released Advisory 969136 today about a vulnerability in Microsoft Office PowerPoint which is being exploited in the wild. Office 2000, Office XP, Office 2003 and Mac Office are vulnerable however the latest version, Read More...
(Comments Off)

Win32/Koobface, MSRT and Industry Cooperation

Posted Thursday, April 02, 2009 11:00 AM by mmpc
On March 10 we released an update to the Malicious Software Removal Tool to add targeting of the Win32/Koobface family. The addition of this threat came out of discussions with the security team at Facebook but this is not the first time we have added Read More...
(Comments Off)
 
Page view tracker