Windows Defender ATP thwarts Operation WilySupply software supply chain cyberattack

Several weeks ago, the Windows Defender Advanced Threat Protection (Windows Defender ATP) research team noticed security alerts that demonstrated an intriguing attack pattern. These early alerts uncovered a well-planned, finely orchestrated cyberattack that targeted several high-profile technology and financial organizations. An unknown attacker was taking advantage of a silent yet effective attack vector: the compromised…

4

Don’t let this Black Friday/Cyber Monday spam deliver Locky ransomware to you

We see it every year: social engineering attacks that take advantage of the online shopping activities around Black Friday and Cyber Monday, targeting customers of online retailers. This year, we’re seeing a spam campaign that Amazon customers need to be wary of. The fake emails pretend to be notifications from the online retailer that a purchase has…

2

Fake fax ushers in revival of a ransomware family

“Criminal case against you” is a message that may understandably cause panic. That’s what a recent spam campaign hopes happens, increasing the likelihood of recipients opening the malicious attachment. We recently discovered a new threat that uses email messages pretending to be fax messages, but in truth deliver a ransomware downloader. The attachment used in this…

0

No payment necessary: Fighting back against ransomware

Any IT professional who’s ever had an experience with malware knows how fast an intrusive attack can happen, and how difficult it can be to educate employees to be vigilant against such threats. And with ransomware attacks only growing, having information, tools and technologies to help protect your network can mean the difference between serious…

5

Digging deep for PLATINUM

This blog introduces our latest report from the Windows Defender Advanced Threat Hunting team. You can read the full report at: PLATINUM: Targeted attacks in South and Southeast Asia There is no shortage of headlines about cybercriminals launching large-scale attacks against organizations. For us, the activity groups that pose the most danger are the ones…

0

Dead code walking

Recently I had a moment to review a group of PDF exploit files. Many exploits use various tricks to obfuscate embedded JavaScript. I thought I could de-obfuscate the samples by throwing them into a sandbox environment and enjoying the beautified source code, but these samples required a different method to coax the legible code into…

0

Active Exploitation of CVE-2010-0806

On March 9, Microsoft started investigating reports of targeted attacks using a previously undisclosed vulnerability (CVE-2010-0806) affecting Internet Explorer 6 and 7 (Internet Explorer 8, Windows 7, and Windows Server 2008 R2 are not susceptible).  As a member of the Microsoft Active Protections Program (MAPP), the MMPC and other members received information about the vulnerability…

0

What we know (and learned) from the Waledac takedown

Recently, following an investigation to which various members of the MMPC contributed, Microsoft’s Digital Crimes Unit initiated a takedown of the Waledac botnet in an action known as Operation b49, an ongoing operation to disrupt the botnet for the long term. The takedown also marked a new phase of exploration in combating botnets, which we…

0

Microsoft privacy portal a target of rogue security software

Reports of rogue security programs have been more prevalent as of late. These are programs that generate misleading alerts and false detections in order to convince users to purchase illegitimate security software. Some of these programs may display product names or logos in an apparent and unlawful attempt to impersonate Microsoft products. Earlier in 2009,…

1

If at first you don't succeed...

…it might be because you weren’t meant to. Last year, the EOF virus-writing group decided to release a virus zine with the help of DoomRiderz and rRlf. Well, here is how that turned out: rRlf backed out of the project at the last minute and then folded, and DoomRiderz folded shortly after the zine was released. The…

0