MSRT April ’11: Win32/Afcore

This month, the MSRT team added the Win32/Afcore family of trojans to its detections. This malware is also known as Coreflood. It first broke onto the scene in 2003 and has evolved over time. At the time, it was encountered on malicious web pages containing obfuscated VBScript and detected as TrojanDropper:VBS/Inor.B. Using hexadecimal encoding,…


An Early Look at the Impact of MSRT on Zbot

As those who follow our blog already know, we added Win32/Zbot to MSRT this month. This is a complex threat that employs techniques to make removal by AV challenging, which necessitated advances in the technology we use. The threat is aimed at theft of credentials (often financial) and, according to the FBI, part of…