An inside look: gathering and analyzing the SIR data

At the Microsoft Malware Protection Center, threat data is a critical source of information to help protect our customers. We use it to understand what’s going on in the overall malware ecosystem, determine the best way to protect our customers, and find the most effective way to deliver that protection. We also use the data…

MSRT November 2014 – Tofsee

This month we added the Win32/Tofsee and Win32/Zoxpng malware families to the Malicious Software Removal Tool. Zoxpng is a backdoor component that can execute remote commands from a malicious hacker. It is related to Win32/Hikiti and the other threats added to the MSRT last month. Let’s take a closer look at Tofsee, the email-spamming malware…

Cracking the CVE-2014-0569 nutshell

The Microsoft Malware Protection Center (MMPC) has recently seen an exploit targeting the Adobe Flash Player vulnerability CVE-2014-0569. This exploit is being integrated into the Fiesta exploit kit. The vulnerability related to this malware was addressed with a patch released by Adobe on 14 October 2014. Adobe Flash Player desktop runtime for Windows versions 15.0.0.167 and…

The dangers of opening suspicious emails: Crowti ransomware

The Microsoft Malware Protection Center (MMPC) has seen a spike in the number of detections for threats in the Win32/Crowti ransomware family this month as the result of new malware campaigns. Crowti is a family of ransomware that, when encountered, will attempt to encrypt the files on your PC and then ask for payment to unlock them. These…

The future of independent antimalware tests

Our guiding vision at the Microsoft Malware Protection Center (MMPC) is to keep every customer safe from malware. Our research team and machine learning systems, as well as industry engagement teams, function around the clock in an effort to achieve this vision. As part of these efforts, we are also working with independent antimalware testing…

Coordinated malware eradication nears launch

Good news: the coordinated malware eradication preparations are almost done. We have held several roundtable meetings at industry events around the world, and the last two are scheduled for June and July. We had insightful conversations with a diverse group of experts from across the antimalware industry. The ideas have converged into a shared vision…

MSRT May 2014 – Miuref

Two new families were added to the Microsoft Malicious Software Removal Tool (MSRT) this month: Win32/Filcout and Win32/Miuref. We first detected Filcout in April 2014 after we observed it installing variants of Win32/Sefnit. We first detected Miuref in December 2013. This blog will discuss Miuref, a browser hijacker that can perform click fraud and hijack search…

SIRv16: Cybercriminal tactics trend toward deceptive measures

Microsoft’s Security Intelligence Report volume 16 (SIRv16) was released today, providing threat trends on malware encounter rates, infection rates, vulnerabilities, exploits, and more for 110 countries/regions worldwide. The report is designed to help IT and security professionals better protect themselves and their organizations from cyberattacks. Malware data is gathered from the Malicious Software Removal Tool (MSRT), which…

The evolution of Rovnix: new Virtual File System (VFS)

Last July, we published a blog about Rovnix’s private TCP/IP stack. We recently discovered another evolution in Rovnix – a variant that introduces a new Virtual File System (VFS). With our latest signature update we detect this Rovnix dropper as TrojanDropper:Win32/Rovnix.L and the infected VBR (Volume Boot Record) as Virus:DOS/Rovnix.gen!A. Unlike older Rovnix variants that…

Creating an intelligent “sandbox” for coordinated malware eradication

Hello from China where I am presenting on coordinated malware eradication at the 2014 PC Security Labs Information Security Conference. Coordinated malware eradication was also the topic of my last blog. I said the antimalware ecosystem must begin to work with new types of partners if we are going to move from the current state…