MSRT August 2015: Vawtrak

As part of our ongoing effort to provide better malware protection, we are adding the following detections to the Microsoft Malicious Software Removal Tool (MSRT) this month: Win32/Vawtrak, Win32/Critroni, Win32/Kasidet. Critroni is a ransomware malware family that can lock your files and ask you to pay money to regain access to them. Variants in the Kasidet…

Emerging ransomware: Troldesh

Troldesh (detected as variants of Win32/Troldesh) started to show up in the early part of 2015 and became more prevalent in June this year. Overall detections have so far lessened in July – except for a notable spike around the 8th of the month, shown in Figure 1. Figure 1: Troldesh detections over the past…

MSRT July 2015: Crowti

In our ongoing effort to provide malware protection, we are adding the following detections to the Microsoft Malicious Software Removal Tool (MSRT) this month: Win32/Crowti, Win32/Reveton. Crowti, a file encryption threat, is one of the top prevalent ransomware families. We have recently seen it sent as a spam email attachment with formats similar to those shown below:…

Understanding type confusion vulnerabilities: CVE-2015-0336

In March 2014, we observed a patched Adobe Flash vulnerability (CVE-2015-0336) being exploited in the wild. Adobe released the patch on March 12, 2014, and exploit code using this vulnerability first appeared about a week later. To help stay protected: Keep your Microsoft security software, such as Windows Defender for Windows 8.1 up-to-date. Keep your third-party…

Windows 10 to offer application developers new malware defenses

Application developers can now actively participate in malware defense – in a new way to help protect customers from dynamic script-based malware and non-traditional avenues of cyberattack. Microsoft is making that possible through the Antimalware Scan Interface (AMSI) – a generic interface standard that allows applications and services to integrate with any antimalware product present on a…

MSRT June 2015: BrobanDel

Providing further protections for our customers, this month we added three new malware families and two variants to the Microsoft Malicious Software Removal Tool (MSRT): Win32/Bagopos, Win32/BrobanDel, Win32/Gatak, PWS:Win32/OnLineGames.AH, PWS:Win32/OnLineGames.MV. Gatak is a family of information-stealing malware that collects sensitive information and sends it to a remote attacker, if a system is compromised. Bagopos is…

Detection changes: search protection code

In late 2014 we announced changes to our evaluation criteria regarding the way we detect programs that have search protection functionality. Microsoft security products will detect programs with browser search protection functionality from June 1, 2015. Non-compliant programs that exhibit such functionality will be detected by our software signatures that look for browser search protection…

Social engineering tricks open the door to macro-malware attacks – how can we close it?

The macro malware-laden documents that target email users through email spam are intentionally crafted to pique any person’s curiosity. With subjects that include sales invoices, federal tax payments, courier notifications, resumes, and donation confirmations, users can be easily tricked to read the email and open the attachment without thinking twice. The user opens the document,…

Cleaning up misleading advertisements

The Microsoft Malware Protection Center is committed to protecting our customers and their Windows experience. We use our evaluation criteria to determine if a program should be detected by our security products. As the software ecosystem evolves, so does our evaluation criteria. We are currently updating our evaluation criteria to address new technology changes, industry trends,…

MSRT April: Unskal, Saluchtra, Dexter and IeEnablerCby

This month we added four new malware families to the Malicious Software Removal Tool: Win32/Saluchtra, Win32/Dexter, Win32/Unskal and Win32/IeEnablerCby, further protecting customers against malicious activity. IeEnablerCby is an unwanted software family that can install browser add-ons or extensions without asking for your permission. The other three malware families also have similar information stealing capabilities, if…