Sign in
Microsoft Malware Protection Center
Threat Research & Response Blog
Home
About
View More Blogs
Ecosystem Strategy Blog
Microsoft Accessibility Blog
Microsoft BlueHat Blog
Microsoft Malware Protection Center Blog
Microsoft Security Blog
Microsoft Security Response Center Blog
Security Development Lifecycle Blog
Security Research & Defense Blog
Security Tips & Talk Blog
Trustworthy Computing Blog
Resources
Partner
Microsoft Safety Scanner
Microsoft Security Response Center
Microsoft Security Essentials
Microsoft Forefront
Windows Defender
Microsoft AntiSpam
MMPC
Microsoft Malware Protection Center
Microsoft Security Intelligence Report
TechNet Blogs
>
Microsoft Malware Protection Center
Follow Us
RSS for Posts
@msftmmpc
facebook
Security@Microsoft
Security Newsletter
TwC Blogs Windows Phone Application
Get on-the-go access to the latest insights featured on our Trustworthy Computing blogs.
Twitter @msftmmpc
Monthly Archives
Archives
August 2013
(2)
July 2013
(2)
June 2013
(5)
May 2013
(11)
April 2013
(9)
March 2013
(4)
February 2013
(4)
January 2013
(6)
December 2012
(7)
November 2012
(6)
October 2012
(10)
September 2012
(4)
August 2012
(7)
July 2012
(9)
June 2012
(4)
May 2012
(4)
April 2012
(6)
March 2012
(9)
February 2012
(5)
January 2012
(8)
December 2011
(5)
November 2011
(8)
October 2011
(8)
September 2011
(7)
August 2011
(8)
July 2011
(9)
June 2011
(10)
May 2011
(13)
April 2011
(6)
March 2011
(11)
February 2011
(9)
January 2011
(4)
December 2010
(7)
November 2010
(5)
October 2010
(12)
September 2010
(10)
August 2010
(8)
July 2010
(7)
June 2010
(6)
May 2010
(5)
April 2010
(5)
March 2010
(9)
February 2010
(7)
January 2010
(3)
December 2009
(4)
November 2009
(9)
October 2009
(6)
September 2009
(8)
August 2009
(4)
July 2009
(5)
June 2009
(7)
May 2009
(8)
April 2009
(18)
March 2009
(10)
February 2009
(8)
January 2009
(5)
December 2008
(11)
November 2008
(7)
October 2008
(12)
September 2008
(8)
August 2008
(11)
July 2008
(4)
June 2008
(3)
Subscribe via RSS
Sort by:
Most Recent
|
Most Views
|
Most Comments
Excerpt View
|
Full Post View
Microsoft Malware Protection Center
Reversal of fortune: Sirefef’s registry illusion
Posted
16 days ago
by
msft-mmpc
3
Comments
I have mentioned in a previous blog that the use of the right-to-left-override (U+202E) unicode character is nothing new. This blog also went on to show the various file name tricks used by malware. But now we see something different: the use of this trick by variants of the Sirefef family of malware. The variants use the right-to-left-override character in the registry in order to hide its presence by mimicking a setting instantiated by a Google Chrome installation. When a user installs an...
Microsoft Malware Protection Center
The original AppCompat (solving a 20-year-old mystery for me)
Posted
23 days ago
by
msft-mmpc
0
Comments
DOS v5.0, released in 1991, introduced the concept of DOS loading "high". That is, into the high memory area - that special 64kb area at the top of the first megabyte of memory. As a result of this change, programs now loaded to a much lower address in memory than they did before. This change also exposed a previously unknown bug that exists in the code produced by certain versions of the Exepack utility, or Link* with the "/EXEPACK" option. The bug caused memory corruption, which usually resulted...
Microsoft Malware Protection Center
The evolution of Rovnix: Private TCP/IP stacks
Posted
1 month ago
by
msft-mmpc
8
Comments
We recently discovered a new breed of the bootkit Rovnix that introduces a private TCP/IP stack. It seems this is becoming a new trend for this type of malware. The implementation of the private stack is based on an open-source TCP/IP project and it can be accessed from both kernel and user modes. It works like this: At boot time, Rovnix hooks the following exported APIs in ndis.sys by patching the export table in memory: NdisMRegisterMiniportDriver() (for NDIS 6.0) NdisMRegisterMiniport...
Microsoft Malware Protection Center
A fresh face for the Microsoft Malware Protection Center
Posted
1 month ago
by
msft-mmpc
5
Comments
Today we launched our new Microsoft Malware Protection Center website . Throughout the redesign process we have been listening to your feedback. You asked for an easier way to find our security software and updates; you can now get to all of our product downloads straight from our homepage. While you’re on the homepage you’ll also see links to our help archive , blogs , and trending security topics from the Microsoft Community forums . One of our top priorities is to make it...
Microsoft Malware Protection Center
Viewing Vobfus infections from above
Posted
2 months ago
by
msft-mmpc
2
Comments
Win32/Vobfus is a family of worms that spreads via removable drives and downloads other malware, and a family that is causing people a lot of pain lately. Vobfus was initially discovered in September 2009 and became prevalent with its use of the MS10-046 .LNK vulnerability . The .LNK vulnerability has also been used by Chymine , Sality , and Zbot , though it is no longer used by Vobfus. The name Vobfus comes from the characteristics that these worms are V isual Basic and obfus cated. Vobfus is...
Microsoft Malware Protection Center
Another year, another rogue. Not what the doctor ordered
Posted
2 months ago
by
msft-mmpc
0
Comments
Another new year is almost upon us. Or at least that's what the distributors of Rogue:Win32/Winwebsec would have us believe - releasing a new branding System Doctor 2014 just prior to the middle of 2013. Figure 1: System Doctor 2014 user interface For some time, Winwebsec has had only one branding active at a time. While there have been a number of name changes, the interface and behavior have otherwise remained mostly unchanged. System Doctor 2014 represents a departure from this, with...
Microsoft Malware Protection Center
Investigation of a new undocumented instruction trick
Posted
2 months ago
by
msft-mmpc
0
Comments
While investigating some new malware samples this week, we came across a few interesting files that use a new trick with an undocumented instruction. We had to do a bit of digging around the Intel instructions list to solve this little mystery. While it turned out that the trick itself isn't effective in complicating debugging and disassembly, we think it's worth sharing anyway, as we're now seeing three different malware variants using it. One of the samples flagged by our systems (SHA1:3d85cc93115c1ebfdeba17b54d6570e06c1bb2f5...
Microsoft Malware Protection Center
Ad injection and you - how adware gets on your computer
Posted
2 months ago
by
msft-mmpc
Are advertisements showing up in your browser (no matter whether you use Internet Explorer, Firefox or Chrome) on sites that you've never seen ads on before; or, do the ads seem different from what you've seen before? Your system might be affected by adware that injects advertisements into sites as you browse, such as Adware:Win32/InfoAtoms and Adware:Win32/Addlyrics . One of the biggest questions we get about these programs (besides how to get rid of them), is how did it get installed in the...
Microsoft Malware Protection Center
Rise of the social bots
Posted
2 months ago
by
msft-mmpc
Malware authors and distributors follow the money. When you consider the growing popularity of social networking websites, it should come as no surprise that malware continues to maintain its presence in this area. Every year we are spending a growing proportion of our time online using social media like Facebook, Twitter and YouTube. What does this mean for the malware ecosystem? Malware authors and distributors know that social networks don’t just connect people, they also instill a...
Microsoft Malware Protection Center
Microsoft’s proactive fight against cybercrime
Posted
3 months ago
by
msft-mmpc
The Microsoft Malware Protection Center (MMPC) is committed to protecting our customers from malicious software and disrupting the malware ecosystem. To achieve these goals, we forge partnerships with internal and external teams. One such team, Microsoft Digital Crimes Unit (DCU), has expanded their partnerships to include the National Institute of Communication Technologies (INTECO) of Spain. This organization is one of the first to utilize live botnet data feeds from the new Azure-based Cyber...
Page 1 of 45 (450 items)
1
2
3
4
5
»