Don’t let this Black Friday/Cyber Monday spam deliver Locky ransomware to you

We see it every year: social engineering attacks that take advantage of the online shopping activities around Black Friday and Cyber Monday, targeting customers of online retailers. This year, we’re seeing a spam campaign that Amazon customers need to be wary of. The fake emails pretend to be notifications from the online retailer that a purchase has…

2

Fake fax ushers in revival of a ransomware family

“Criminal case against you” is a message that may understandably cause panic. That’s what a recent spam campaign hopes happens, increasing the likelihood of recipients opening the malicious attachment. We recently discovered a new threat that uses email messages pretending to be fax messages, but in truth deliver a ransomware downloader. The attachment used in this…

0

No payment necessary: Fighting back against ransomware

Any IT professional who’s ever had an experience with malware knows how fast an intrusive attack can happen, and how difficult it can be to educate employees to be vigilant against such threats. And with ransomware attacks only growing, having information, tools and technologies to help protect your network can mean the difference between serious…

5

Digging deep for PLATINUM

This blog introduces our latest report from the Windows Defender Advanced Threat Hunting team. You can read the full report at: PLATINUM: Targeted attacks in South and Southeast Asia There is no shortage of headlines about cybercriminals launching large-scale attacks against organizations. For us, the activity groups that pose the most danger are the ones…

0

Dead code walking

Recently I had a moment to review a group of PDF exploit files. Many exploits use various tricks to obfuscate embedded JavaScript. I thought I could de-obfuscate the samples by throwing them into a sandbox environment and enjoying the beautified source code, but these samples required a different method to coax the legible code into…

0

Active Exploitation of CVE-2010-0806

On March 9, Microsoft started investigating reports of targeted attacks using a previously undisclosed vulnerability (CVE-2010-0806) affecting Internet Explorer 6 and 7 (Internet Explorer 8, Windows 7, and Windows Server 2008 R2 are not susceptible).  As a member of the Microsoft Active Protections Program (MAPP), the MMPC and other members received information about the vulnerability…

0

What we know (and learned) from the Waledac takedown

Recently, following an investigation to which various members of the MMPC contributed, Microsoft’s Digital Crimes Unit initiated a takedown of the Waledac botnet in an action known as Operation b49, an ongoing operation to disrupt the botnet for the long term. The takedown also marked a new phase of exploration in combating botnets, which we…

0

Microsoft privacy portal a target of rogue security software

Reports of rogue security programs have been more prevalent as of late. These are programs that generate misleading alerts and false detections in order to convince users to purchase illegitimate security software. Some of these programs may display product names or logos in an apparent and unlawful attempt to impersonate Microsoft products. Earlier in 2009,…

1

If at first you don’t succeed…

…it might be because you weren’t meant to. Last year, the EOF virus-writing group decided to release a virus zine with the help of DoomRiderz and rRlf. Well, here is how that turned out: rRlf backed out of the project at the last minute and then folded, and DoomRiderz folded shortly after the zine was released. The…

0

The Low-Down on Daonol

A relatively new trojan has been making the rounds and causing some problems, particularly on Windows XP systems. Trojan:Win32/Daonol is malware which hooks various system calls in order to steal credential information and redirect some Web traffic. It also protects itself by keeping some security-related software from running. Several recent versions of this malware are…

0