Update on the Zbot spot!

Hello Internet! I’m back to update you on our changes to Zbot in the Malicious Software Removal Tool (MSRT). We reviewed the data coming back from MSRT in September and incorporated the findings into October’s MSRT (and beyond), which means we are now in a position to provide additional information. As I mentioned in the…


Get gamed and rue the day…

As we discussed last week, socially engineered threats are specially crafted threats designed to lure the eye and trick the mind – they look legitimate or benign, and in the worst case, may take advantage of a trusted relationship, by utilizing a compromised account or familiar website. Social engineering techniques may be used in isolation, but…


There’s more than one way to skin an orange…

When it comes to attacking a system, and compromising its data and/or resources, there are several different methods that an attacker can choose. One of the more effective ways to make a successful compromise is to take advantage of perceived vulnerabilities in the targeted system. A vulnerability refers to a characteristic of a system that…


Mobile threats on the desktop

The MMPC has been routinely monitoring threats (via the desktop) that affect different mobile platforms such as Symbian, Java ME, Android, RIM, iOS and Windows Mobile. One of the increasingly common ways we see mobile devices being compromised is by allowing the user to download and install applications independently. This is because the consumer cannot…


SIRv11: Putting Vulnerability Exploitation into Context

As Vinny Gullotto, our GM, blogged earlier in the week, the 11th edition of the Security Intelligence Report (SIRv11) has been released. One of the new areas of research in this release is a study of the most prevalent kinds of vulnerability exploitation and how much of that exploitation is 0-day (short for zero-day, an…


MSRT October ’11: EyeStye

This month, the Malicious Software Removal Tool (MSRT) targets two families: Win32/EyeStye and Win32/Poison. EyeStye (aka ‘SpyEye’) is a family of trojans that steals information, targeting authentication data used for online banking such as passwords and digital certificates. The method it employs is called “form grabbing” which involves the interception of webform data submitted to…


New: Microsoft Security Intelligence Report Volume 11 - Now Available

Hi, again everyone! Today we released the 11th volume of the Microsoft Security Intelligence Report, also known as SIRv11. I have to say once again we’ve outdone ourselves and launched the largest and most comprehensive version of this report to date. This time it’s over 800 pages of threat intelligence spanning 100+ countries and regions…


Online game trading – sometimes more than you bargained for

Some online games offer features for the game players to sell their game items online. In such situations, it is highly likely some sellers may send the potential buyers a screenshot of their items for sale, for example, via Instant Messaging programs. Recently, malware distributors have started taking advantage of this. They pretend to be…