Battle the Bogeyman this Halloween!

Almost all major holidays are used by bogeymen (also known as cybercrooks) as an excuse to spread malware or spam using social engineering. This year is no exception, so we recommend that you be careful especially if you receive any Halloween themed emails — even if it’s from someone that you know. We’ve collected some…


CCM – Our Threat Indices in the Security Intelligence Report

At the recent Virus Bulletin 2010 Conference in Vancouver, BC, I made a presentation highlighting infection data collected from the Malicious Software Removal Tool and data collected from Microsoft Security Essentials in its first year. The presentation (coincidentally on the Security Essentials one year anniversary), entitled “Observations and lessons learned from comparing point-in-time cleaning against…


Nobel Prize site hacked, delivers malware

Yesterday (Oct 26, 2010), MMPC researchers learned that the Nobel Peace Prize website “nobelprize.org” was hacked and users browsing the site using Firefox versions 3.5 and 3.6 may have received malware. The malware is delivered by way of a malicious JavaScript that exploits a vulnerability in Firefox. Mozilla is aware of the vulnerability and note…


Bredolab Takedown, Another Win for Collaboration

Earlier this week (October 25), authorities in the Netherlands took action against one of the Win32/Bredolab botnets and person(s) who may be responsible for this threat as part of an investigation codenamed TOLLING- part of a larger project named TAURUS. This follows on the heels of similar efforts against Win32/Zbot by the Federal Bureau of…


Standards and Policies on Packer Use

For those people who missed my presentation at Virus Bulletin this year, I co-presented on the topic of “proper” packer usage.  The idea of a “proper” way to use packers is two-fold: (a) It reduces the prevalence of legitimate packers being used to pack malware. (b) It makes it easier to identify packers which exist…


The Botnet Superhighway

The latest Microsoft Security Intelligence Report (SIR) dedicates a whole section to botnets and the role they play in today’s world of malware, and for good reason – the pathways of the malware world are quickly merging into a botnet superhighway, a new conduit used for many nefarious purposes. If you compare the worldwide infection…


Have you checked the Java?

Whilst working on our normal data pull and analysis for the Microsoft Security Intelligence Report (v9 – released last week), I embarked on a mini discovery mission on the exploit data that MMPC detects with our antimalware technology.  Although the main focus of antimalware software is on traditional malware families, antimalware technologies can do a…


An Early Look at the Impact of MSRT on Zbot

As those who follow our blog already know, we added Win32/Zbot to MSRT this month.  This is a complex threat with techniques employed to make removal by AV challenging and which necessitated advances in the technology we use.  The threat is aimed at theft of credentials (often financial) and, according to the FBI, part of…


Announcing Microsoft Security Intelligence Report version 9

Today, the 9th edition of the Microsoft Security Intelligence Report was released as Adrienne Hall, General Manager of Microsoft Trustworthy Computing Communications, gave her keynote at RSA Europe.   This time around, we’ve done a few things differently.  First off – we’ve dedicated this particular volume to the study of botnets and the role that…


MSRT on Zbot, the botnet in a box

This month, the MSRT team has added detection and removal for Zbot, one of the most widely known active botnets  today.  Although the malware itself is quite complex and varied, the technical acumen required to use and distribute it is actually quite low.  Toolkits to create the malware are easily attainable and quite simple to…