Locky malware, lucky to avoid it: You may have seen reports of the Locky malware circulating the web; we think this is a good time to discuss its distribution methods, and reiterate some best-practice methods that will help prevent infection. We’ve seen Locky being distributed by spam email, not in itself a unique distribution method, but this means that spreading is…
Cleaners ought to be clean (and clear): Protecting the modern workplace from a wide range of undesirable software. Our evaluation criteria describe the characteristics and behavior of malware and potentially unwanted applications and guide the proper identification of threats. Learn how we classify malicious software, unwanted software, and potentially unwanted applications. There are many programs that purport to…
Windows Defender: Rise of the machine (learning): Windows Defender harnesses the power of machine learning, contributing to making Windows 10 Microsoft’s most secure client operating system and providing increased protection against security threats facing consumers and commercial enterprises today. To reduce the number of both false negative and false positive detections, our automation pipeline uses a variety of tools and technologies to…
Microsoft Security Intelligence Report: Strontium: The Microsoft Security Intelligence Report (SIR) provides a regular snapshot of the current threat landscape, using data from more than 600 million computers worldwide. The latest report (SIRv19) was released this week and includes a detailed analysis of the actor group STRONTIUM – a group that uses zero-day exploits to collect the sensitive information of…
Understanding type confusion vulnerabilities: CVE-2015-0336: In March 2014, we observed a patched Adobe Flash vulnerability (CVE-2015-0336) being exploited in the wild. Adobe released the patch on March 12, 2014, and exploit code using this vulnerability first appeared about a week later. To help stay protected: keep your Microsoft security software, such as Windows Defender for Windows 8.1, up to date. Keep your…
MAPS in the cloud: How can it help your enterprise? (Note: Microsoft Active Protection Service is now called Windows Defender Antivirus cloud protection service. Read about it in this blog entry: Windows Defender Antivirus cloud protection service: Advanced real-time defense against never-before-seen malware.) Malware can easily send a huge enterprise infrastructure into a tailspin. However, you can get greater protection from malware by using…
Download at your own risk: Bitcoin miners bundled with game repacks: Recently we have seen an emerging trend among malware distributors – Bitcoin miners being integrated into installers of game repacks. This type of system hijacking is just one of the many ways to exploit a user by utilizing their system’s computing resources to earn more cash. Malware is easily bundled with game installers that are…
Sefnit’s Tor botnet C&C details: We have talked about the impact that resulted from the Sefnit botnet Tor hazard, as well as the clean-up effort that went into that threat. In this post we’d like to introduce some of the details regarding the Tor component’s configuration and its communication with the Tor service. Specifically, we’ll talk about how Trojan:Win32/Sefnit.AT communicates…