The 5Ws and 1H of Ransomware

For the past three months, we have seen ransomware hop its way across globe. Majority of the ransomware incidents are found in the United States, then Italy, and Canada. The prevalence of large-scale ransomware incidents led the United States and Canadian governments to issue a joint statement about ransomware. Due to the global ransomware incidents, the…

5

MSRT April release features Bedep detection

As part of our ongoing effort to provide better malware protection, the Microsoft Malicious Software Removal Tool (MSRT) release this April will include detections for: Win32/Bedep – Trojan family Win32/Upatre – Trojan family Ransom:MSIL/Samas – Ransomware family In this blog, we’ll focus on the Bedep family of trojans.   The bothersome Bedep Win32/Bedep was first…

1

No mas, Samas: What’s in this ransomware’s modus operandi?

We’ve seen how ransomware managed to become a threat category that sends consumers and enterprise reeling when it hits them.  It has become a high-commodity malware that is used as payload to spam email, macro malware, and exploit kit campaigns. It also digs onto victims’ pockets in exchange for recovering files from their encrypted form. …

0

The three heads of the Cerberus-like Cerber ransomware

Early this month, we saw a new ransomware family that launches a three-prong attempt to get you to hand over your hard-earned cash. Called “Cerber” (it replaces file extensions with .cerber), we like to think of this three-prong approach as a nod to the mythical multiple-headed hound, Cerberus. The attack starts with a text-to-speech (TTS) synthesized…

14

MSRT March 2016 – Vonteera

As part of our ongoing effort to provide better malware protection, the March release of the Microsoft Malicious Software Removal Tool (MSRT) will include detections for Vonteera – a family of browser modifiers, and Fynloski – a family of backdoor trojans. In this blog, we’ll focus on the Vonteera family of browser modifiers. BrowserModifier:Win32/Vonteera We…

0

Locky malware, lucky to avoid it

You may have seen reports of the Locky malware circulating the web; we think this is a good time to discuss its distribution methods, and reiterate some best-practice methods that will help prevent infection. We’ve seen Locky being distributed by spam email, not in itself a unique distribution method, but this means that spreading is…

26

Cleaners ought to be clean (and clear)

There are many programs that purport to clean up and optimize system performance. While Microsoft does not endorse the use of these tools with Windows, we do not view them as unwanted or malicious. Many programs in this category have a practice of providing a free version of their software that scans your system, presents the…

8

MSRT February 2016

The February release of the Microsoft Malicious Software Removal Tool (MSRT) includes updated detections for the following malware families: Bladabindi Gamarue Sality Kelihos Diplugem​​ The updates include detections for the latest variants from these malware families. There were no new malware families added to the MSRT this month. The MSRT works in tandem with real-time…

3

Expired antimalware software is nearly as unsafe as having no protection at all

Analyzing data to find the root cause of infections has been a long-standing focus of the MMPC. One area we’ve been investigating is the correlation between endpoint protection and infection rates. Back in version 14 of the Security Intelligence Report (SIRv14), we first published data on infection rates for PCs protected with fully up-to-date antimalware software in comparison…

7

Phishing: not just for banks

When people think of phishing (a deception to trick a user into sharing their credentials with a third party), they might usually think of banking. But with the popularity of online games, they can still be a target even if they protect their banking information. A typical reason for phishing in games is to steal…

0