Upatre: Emerging Up(d)at(er) in the wild

The MMPC is constantly monitoring emerging threats that are impacting our customers the most. Recently, we started seeing Win32/Upatre being distributed in the wild. This chart shows how this threat has impacted customer machines in just about two months. [Figure 1: Monthly telemetry data on Win32/Upatre downloader] As we see in this next chart,…


New infection rate data for unprotected computers

In the previous Microsoft Security Intelligence Report, SIRv14, we introduced a new metric to measure the infection rate for computers protected with real-time antimalware software (protected computers) in comparison to computers that were not protected with up-to-date security software (unprotected computers). Using this new data, we wrote a feature story about the risks of running…


Infection rates and end of support for Windows XP

In the newly released Volume 15 of the Microsoft Security Intelligence Report (SIRv15), one of the key findings to surface relates to new insight on the Windows XP operating system as it inches toward end of support on April 8, 2014. In this post we want to highlight our Windows XP analysis and examine what the data says…


New Security Intelligence Report, new data, new perspectives

Today, Microsoft released volume 15 of the Microsoft Security Intelligence Report (SIRv15). The report analyzes malware, exploits and more based on data from more than a billion systems worldwide and some of the Internet’s busiest online services. During the past year, as we were planning this volume of the Security Intelligence Report, and as we considered…


Our protection metrics – September results

Earlier this year, we started publishing a new set of metrics on our portal – An evaluation of our protection performance and capabilities. These metrics show month over month how we do in three areas: coverage, quality, and customer experience in protecting our customers. And, since we started to publish the results on this page,…


Redirect hides browser extension

While analyzing a malicious Chrome browser extension we recently came across a VirTool that tries to redirect the Chrome Extension page. We detect it as VirTool:JS/Redichrextor.A. VirTool:JS/Redichrextor.A won’t let you view, change, remove or uninstall Chrome browser extensions. It does this by stopping you from viewing the Chrome Extension page. It uses this technique so…


Our commitment to Microsoft antimalware

We are fully committed to protecting our consumer and business customers from malware. Our strong solutions provide the comprehensive defense needed against malicious code and attacks. Our support of antimalware partners helps in building a strong and diverse ecosystem to fight malware. Over the past year, we’ve continued to make investments in our protection technologies:…


MSRT October 2013 – Shiotob

This month the Malicious Software Removal Tool (MSRT) is giving some special attention to two malware families – Win32/Foidan and Win32/Shiotob. We are targeting these families due to their increased prevalence. Lately, we’ve been adding and improving our detections for the Shiotob family. Shiotob is a family of trojan spyware that steals system information and user…