MSRT February 2017: Chuckenit detection completes MSRT solution for one malware suite

In September 2016, we started adding to Microsoft Malicious Software Removal Tool (MSRT) a malware suite of browser modifiers and other Trojans installed by software bundlers. We documented how the malware in this group install other malware or applications silently, without your consent. This behavior ticks boxes in the evaluation criteria that Microsoft Malware Protection…

2

MSRT March 2016 - Vonteera

As part of our ongoing effort to provide better malware protection, the March release of the Microsoft Malicious Software Removal Tool (MSRT) will include detections for Vonteera – a family of browser modifiers, and Fynloski – a family of backdoor trojans. In this blog, we’ll focus on the Vonteera family of browser modifiers. BrowserModifier:Win32/Vonteera We…

0

Rotbrow: the Sefnit distributor

This month’s addition to the Microsoft Malicious Software Removal Tool is a family that is both old and new. Win32/Rotbrow existed as far back as 2011, but the first time we saw it used for malicious purposes was only in the past few months. In September, Geoff blogged about the dramatic resurgence of Win32/Sefnit (aka…

5

MSRT August ’12 – What’s the buzz with Bafruz?

For this month’s Microsoft Malicious Software Removal Tool (MSRT) release, we will include two families: Win32/Matsnu and Win32/Bafruz. Our focus for this blog will be Bafruz, which is a multi-component backdoor that creates a Peer-to-Peer (P2P) network of infected computers (using C&C, for instance), and includes a nasty list of payloads, as well as unique means…

0

Dishigy dishes out the DDoS and we dig deeper...

​The May edition of the Microsoft Malicious Software Removal Tool saw the inclusion of two new malware families: Win32/Unruy and Win32/Dishigy. Let’s dig a bit deeper into Dishigy and the nature of Denial of Service. So, bear with me while I take you back to security 101… A Denial of Service (DoS) attack is a…

0

MSRT Nov' 11: Cridex - the hex of Skidlo

Earlier, we discussed Win32/Carberp, a malware family included in the November release of the Malicious Software Removal Tool. In this post, we discuss another included malware, Win32/Cridex. Win32/Cridex is a relatively new family; we discovered its first variant in the wild in August 2011. This trojan is primarily downloaded and installed by other malware, detected…

1

MSRT November '11: Carberp

We included three threat families in the November edition of the Microsoft Malicious Software Removal Tool – Win32/Carberp, Win32/Cridex and Win32/Dofoil. In this post, we discuss Win32/Carberp. The first variant of Win32/Carberp was discovered early last year. This malware has evolved from a trojan downloader that downloads an additional password stealer, such as PWS:Win32/Ldpinch, to…

0

Update on the Zbot spot!

Hello Internet! I’m back to update you on our changes to Zbot in the Malicious Software Removal Tool (MSRT). We reviewed the data coming back from MSRT in September and incorporated the findings into October’s MSRT (and beyond), which means we are now in a position to provide additional information. As I mentioned in the…

0

MSRT October '11: EyeStye

This month, the Malicious Software Removal Tool (MSRT) targets two families: Win32/EyeStye and Win32/Poison. EyeStye (aka ‘SpyEye’) is a family of trojans that steals information, targeting authentication data used for online banking such as passwords and digital certificates. The method it employs is called “form grabbing” which involves the interception of webform data submitted to…

0