Before you enable those macros…

The Microsoft Malware Protection Center (MMPC) has recently seen an increasing number of threats using macros to spread their malicious code. This technique uses spam emails and social engineering to infect a system. Using macros in Microsoft Office can help increase productivity by automating some processes. However, malware authors have also exploited these capabilities. Since Microsoft…


Make your browsing 14x safer for the holidays!

The browser is how most people access the Internet, and with the proliferation of malware online today, it is one of the first lines of defense in helping to protect systems. Each new browser version can offer new capabilities, protections, and fixes for vulnerabilities. This means that a newer browser is often safer than its…


Your Browser is (not) Locked

Most ransomware has a binary file that needs to be executed before it can infect your PC. Ransomware usually relies on social engineering or exploits to infect unsuspecting users. However, some malware authors are bypassing this requirement with a new trick – browser lockers. Unlike traditional ransomware threats that lock the entire desktop, browser lockers only lock…


Wire transfer spam spreads Upatre

The Microsoft Malware Protection Center (MMPC) is currently monitoring a spam email campaign that is using a wire transfer claim to spread Trojan:Win32/Upatre. It is important to note that customers running up-to-date Microsoft security software are protected from this threat. Additionally, customers with Microsoft Active Protection Service Community (MAPS) enabled also benefit from our cloud protection service….


A timeline of consent and control

In October we announced some changes to our BrowserModifier detection criteria. These changes were designed to keep a user in charge of their web browsers through consent and control. Since the changes were announced we have been working with software developers to align their programs with our criteria. To provide more clarity, we are sharing our…


MSRT December 2014

This month is our final release of the Malicious Software Removal Tool (MSRT) for 2014. Although we didn’t add any new malware families, we updated the tool with the latest detection and remediation capabilities for the malware families added in previous releases. Since January 2014, there have been more than seven billion successful MSRT installs…


An interesting case of the CVE-2014-8439 exploit

We have recently seen an exploit targeting the Adobe Flash Player vulnerability CVE-2014-8439 (we detect it as Exploit:SWF/Axpergle). This exploit is being integrated into multiple exploit kits, including the Nuclear exploit kit (Exploit:JS/Neclu) and the Angler exploit kit (Exploit:JS/Axpergle). Adobe released a patch in November to address this exploit (APSB14-26). Coincidentally, our investigation shows that Adobe…


An inside look: gathering and analyzing the SIR data

At the Microsoft Malware Protection Center, threat data is a critical source of information to help protect our customers. We use it to understand what’s going on in the overall malware ecosystem, determine the best way to protect our customers, and find the most effective way to deliver that protection. We also use the data…


Expired antimalware software is nearly as unsafe as having no protection at all

Analyzing data to find the root cause of infections has been a long-standing focus of the MMPC. One area we’ve been investigating is the correlation between endpoint protection and infection rates. Back in version 14 of the Security Intelligence Report (SIRv14), we first published data on infection rates for PCs protected with fully up-to-date antimalware software in comparison…


MSRT November 2014 – Tofsee

This month we added the Win32/Tofsee and Win32/Zoxpng malware families to the Malicious Software Removal Tool. Zoxpng is a backdoor component that can execute remote commands from a malicious hacker. It is related to Win32/Hikiti and the other threats added to the MSRT last month. Let’s take a closer look at Tofsee, the email-spamming malware…
