Microsoft privacy portal a target of rogue security software

Reports of rogue security programs have been more prevalent as of late. These are programs that generate misleading alerts and false detections in order to convince users to purchase illegitimate security software. Some of these programs may display product names or logos in an apparent and unlawful attempt to impersonate Microsoft products. Earlier in 2009,…


Surveying the Hamweq-age – Threat Reports for MSRT December

In the week since its release on December 8, MSRT has cleaned over 2.5 million machines of malware. The new family for December was Win32/Hamweq, an IRC controlled backdoor which spreads via removable drives. Hamweq was removed from 638,491 machines, making it the most prevalent family for the month, with around double the number of…


If at first you don’t succeed…

…it might be because you weren’t meant to. Last year, the EOF virus-writing group decided to release a virus zine with the help of DoomRiderz and rRlf. Well, here is how that turned out: rRlf backed out of the project at the last minute and then folded, and DoomRiderz folded shortly after the zine was released. The…


MSRT slices the Hamweq for Christmas

This month, Worm:Win32/Hamweq has been added to the Malicious Software Removal Tool (MSRT)  in time for the holidays.  Hamweq makes it on to MSRT’s “naughty” list as an IRC-controlled backdoor that spreads via removable drives. It has multiple means of hiding its presence; it installs itself into a hidden directory which it disguises as a…


Fake Security Software All Up

In a recent blog posted on 18th November we talked about the significant threat that AV rogues had posed for our users this year.  Besides the prevalent rogues covered by the MSRT, the following is a longer list of AV rogues detected by Microsoft AV products such as Microsoft Security Essentials, Forefront Client Security, etc….


Do and don’ts for p@$$w0rd$

Almost a year ago, we started a project designed to monitor incoming attacks against a normal user on a day-to-day basis. We presented you with details about the geographical area from where the attacks originated and what services were targeted, and we gave you just a hint about FTP dictionary-based attacks. Now we’re going into…


A Peek at MSRT November Threat Reports

By continuing to include new variants of the existing threat families, the MSRT has removed malware from more than 1.5 million machines three days after its release on 10 November.  This month we’ve also added Win32/FakeVimes and Win32/PrivacyCenter to the MSRT detection and have removed these new rogues from more than 110,000 machines.  A lot…


What’s Another 32-bits to Malware?

The migration of PC computing from 32-bit to 64-bit is in full swing at last, and if you’ve been confused as to what it all means, you’re not alone.  PCs built for years now have been capable of running both 32-bit and 64-bit operating systems, but for that you need 64-bit version of Windows (and…


Plays Well With Others

Just over a week ago the Microsoft Malware Protection Center released the seventh edition of our Security Intelligence Report covering the first half of 2009.  Like all of our previous reports we have distilled information and insight from the wide array of telemetry we have available to us. New to this edition, however, is the inclusion…


Rogues FakeVimes and PrivacyCenter added to MSRT

This month we’ve added two more rogue families to the Malicious Software Removal Tool (MSRT) – Win32/FakeVimes and Win32/PrivacyCenter. Both have been around since early 2009, but have become more prevalent in the last few months. Win32/FakeVimes has gone through a lot of different names, usually with two or three active at any given time….