Microsoft threat intelligence archive

Threat intelligence December 2015 - Exploits

View the report online | Download as PDF

This report explores recent exploit trends, analyzes prevalent and common exploits, and summarizes current and future mitigation strategies for preventing and recovering from exploit-based attacks.

  • Overview: A summary of the report and a brief explanation of what exploits and exploit kits are and how they are most often used
  • Delivery mechanisms: Analysis of common and prevalent ways that exploits are used to infect PCs with malware
  • Trends and prevalence: Data looking at exploit detections over the past 6 months
  • Exploit analysis: In-depth analysis of exploits, with a focus on Axpergle
  • Prevention and mitigation: New technology from Microsoft and general advice for mitigating and preventing exploits
  • Prevalent threats: Top malware detected by Microsoft security software over the past 30 days

Threat intelligence November 2015 - Advanced persistent threats

View the report online | Download as PDF

Advanced persistent threats (APTs) use malicious programs combined with hacking tools and techniques directed at a specific target and with a well-defined motivation. This report looks at the lifecycle of APTs, their defining characteristics, and recommendations to protect enterprises from them.

  • Overview and lifecycle: A definition of advanced persistent threats, including their lifecycle
  • Attack trends: Common and shared characteristics used by APTs
  • Microsoft's efforts: How Microsoft is working to identify and hunt APTs
  • Analysis and statistics: Examples of recent APT attacks
  • Mitigation and prevention: General advice for mitigating and preventing APT attacks
  • Prevalent threats: Top malware detected by Microsoft security software over the past 30 days

Threat intelligence October 2015 - Unwanted software

View the report online | Download as PDF

This month’s report highlights the most prevalent unwanted software, and discusses how we are working with the software development industry to better detect unwanted applications.

  • Overview: How we classify unwanted software
  • Assessment: The challenges of detecting unwanted software
  • Statistics: Distribution patterns and telemetry
  • Collaboration: Industry partnerships
  • Prevalent threats: Top malware detected by Microsoft security software over the past 30 days

Threat intelligence September 2015 - Ransomware

View the report online | Download as PDF

This month’s report highlights the most prevalent ransomware that we’ve seen affect both consumers and enterprises across the globe, new ransomware that we’ve seen emerge, and how some of their behaviors are changing.

  • Overview: Ransomware
  • Statistics: Ransomware infections across the globe
  • Characteristics: Distribution patterns, symptoms of infection, and diagrams
  • Analysis: Examination of a ransomware
  • Prevalent threats: Top malware detected by Microsoft security software over the past 30 days

Threat intelligence August 2015 - Windows Defender in Windows 10

View the report online | Download as PDF

Windows 10 brings a number of advances and features over previous Windows operating systems. This report details the new technologies and features that are included in Windows Defender in Windows 10.

  • System integration: Windows Defender in Windows 10
  • Hardening improvements: Improved tampering protection
  • Improved detection: Contextual clues for Windows Defender
  • New technologies: Smart UAC, Secure events, Antimalware Scanning Interface
  • Advanced protection: Cloud protection, Windows Recovery Environment
  • Prevalent threats: Top malware detected by Microsoft security software over the past 30 days

Threat intelligence July 2015 - Macro-based malware

View the report online | Download as PDF

Macro-based malware uses macros embedded in Microsoft Office files to introduce further infections. This report includes the following sections:

  • Overview: Evolution of macro-based malware
  • Statistics: Macro-based malware infection across the globe
  • Characteristics: Distribution patterns, symptoms of infection, and diagrams
  • Analysis: Examination of a macro-based attack
  • Mitigation: General advice for mitigating the risk of infection from macro-based malware
  • Prevalent threats: Top malware detected by Microsoft security software over the past 30 days


Older reports and whitepapers

Microsoft Malware Protection Center Threat Report—Rootkits

Author: Heather Goudey | Download

Rootkits provide stealth capabilities to malware. This report examines how attackers use rootkits, and how rootkits function on affected computers.

Microsoft Malware Protection Center Threat Report—EyeStye

Authors: Jaime Wong and Shannon Sabens | Download

This report examines the prevalent EyeStye family of malware.

Microsoft Malware Protection Center Threat Report—Poison Ivy

Authors: Tareq Saade, Dan Kurc, and Holly Stewart | Download

This report provides an overview of the Win32/Poison (Poison Ivy) family of malware.

Special Edition Security Intelligence Report: Battling the Rustock Threat

Authors: David Anselmi, Richard Boscovich, T.J. Campana, Samantha Doerr, Marc Lauricella, Oleg Petrovsky, Tareq Saade, Holly Stewart | Download: PDF format | XPS format

This special edition of the SIR provides an overview of the Win32/Rustock family of rootkit-enabled backdoor trojans.

Microsoft Malware Protection Center Threat Report—Qakbot

Authors: Dan Kurc, Tareq Saade, Aaron Putnam, Holly Stewart | Download

This report provides an overview of the Win32/Qakbot (Qakbot) family of malware.

Battling the ZBot Threat

Authors: T.J. Campana, Joe Faulhaber, Paul Henry, Matt McCormack, Frank Simorjay, Holly Stewart | Download

This document provides an overview of the Win32/Zbot family of password-stealing trojans.