Malicious macro using a sneaky new trick

We recently came across a file (ORDER-549-6303896-2172940.docm, SHA1: 952d788f0759835553708dbe323fd08b5a33ec66) containing a VBA project that scripts a malicious macro (SHA1: 73c4c3869304a10ec598a50791b7de1e7da58f36). We added it under the detection TrojanDownloader:O97M/Donoff – a large family of Office-targeting macro-based malware that has been active for several years (see our blog category on macro-based malware for more blogs). However, there wasn’t…


Digging deep for PLATINUM

This blog introduces our latest report from the Windows Defender Advanced Threat Hunting team. You can read the full report at: PLATINUM: Targeted attacks in South and Southeast Asia. There is no shortage of headlines about cybercriminals launching large-scale attacks against organizations. For us, the activity groups that pose the most danger are the ones…


Doctor Who calling–on Skype, with malware

Earlier this week, I received a phone call via Skype on my laptop; the caller’s ID was “dralerthelpzc8”, as in Dr Alert Help ZC8. The voice on the other end was automated, computerized and otherwise non-human, and alerted me that I had a virus that affects Windows Vista, Windows XP and Windows 7 and that…


MSRT slices the Hamweq for Christmas

This month, Worm:Win32/Hamweq has been added to the Malicious Software Removal Tool (MSRT) in time for the holidays. Hamweq makes it on to MSRT’s “naughty” list as an IRC-controlled backdoor that spreads via removable drives. It has multiple means of hiding its presence; it installs itself into a hidden directory which it disguises as a…


Do and don’ts for p@$$w0rd$

Almost a year ago, we started a project designed to monitor incoming attacks against a normal user on a day-to-day basis. We presented you with details about the geographical area from where the attacks originated and what services were targeted, and we gave you just a hint about FTP dictionary-based attacks. Now we’re going into…


National CyberSecurity Awareness Month

Today marks the beginning of National CyberSecurity Awareness Month here in the United States. I would like to take this opportunity to acknowledge all the security professionals around the world who work tirelessly to make cyberspace a safer place for all our online pastimes. You know who you are. It’s nice to know we all work…


Introducing Microsoft Security Essentials

The Microsoft Malware Protection Center (MMPC) would like to introduce you to Microsoft’s new security program – Microsoft Security Essentials. The MMPC is very excited about this release, which should help us to protect more customers around the world at no cost. Here’s a note from the Microsoft Security Essentials team: Microsoft Security Essentials (formerly codenamed…


We’re Excited to Announce the Release of the MMPC Portal V2!

We’ve been working hard, have heard your feedback, and are excited to announce V2 of the MMPC Portal! This new portal contains several new features including streamlined sample submission and tracking, which is made possible by creating an MMPC profile. When you log in, the information saved in your MMPC profile auto-populates the sample submission…


Microsoft Security Essentials Beta Announced

Microsoft Security Essentials is a new, no-cost, anti-malware solution for genuine Windows PC consumers that provides real-time protection against viruses, spyware and other malicious threats. It is a lightweight, effective and modern anti-malware solution which runs on 32-bit and 64-bit Windows 7, Windows Vista and Windows XP SP2 and higher, and on modern consumer…


Protecting Our Customers From Half a Million New Unique Malicious Files Every Day

You might find it hard to believe, but that’s the number of new unique malware samples we detect on average every day in the wild. During the second half of 2008 our products detected a total of nearly 95 million unique malicious files. The total number of distinct malware files we detect every day in…
