Select Page
Microsoft teams up with law enforcement and other partners to disrupt Gamarue (Andromeda)

Microsoft teams up with law enforcement and other partners to disrupt Gamarue (Andromeda)

Today, with help from Microsoft security researchers, law enforcement agencies around the globe, in cooperation with Microsoft Digital Crimes Unit (DCU), announced the disruption of Gamarue, a widely distributed malware that has been used in networks of infected computers collectively ... continue reading
chuckenit-infection_chart1

MSRT February 2017: Chuckenit detection completes MSRT solution for one malware suite

In September 2016, we started adding to Microsoft Malicious Software Removal Tool (MSRT) a malware suite of browser modifiers and other Trojans installed by software bundlers. We documented how the malware in this group install other malware or applications silently, ... continue reading
shamoon-depriz-implants

Windows 10: protection, detection, and response against recent Depriz malware attacks

A few weeks ago, multiple organizations in the Middle East fell victim to targeted and destructive attacks that wiped data from computers, and in many cases rendering them unstable and unbootable. Destructive attacks like these have been observed repeatedly over ... continue reading
Email message masquerading as a fax but carrying TrojanDownloader:JS/Crimace.A as attachment

Fake fax ushers in revival of a ransomware family

"Criminal case against you" is a message that may understandably cause panic. That’s what a recent spam campaign hopes happens, increasing the likelihood of recipients opening the malicious attachment. We recently discovered a new threat that uses email messages pretending ... continue reading
Email message masquerading as a fax but carrying TrojanDownloader:JS/Crimace.A as attachment

Fake fax ushers in revival of a ransomware family

"Criminal case against you" is a message that may understandably cause panic. That’s what a recent spam campaign hopes happens, increasing the likelihood of recipients opening the malicious attachment. We recently discovered a new threat that uses email messages pretending ... continue reading
The graph shows that Locky machine encounters has recently been low

The new .LNK between spam and Locky infection

Just when it seems the Ransom:Win32/Locky activity has slowed down, our continuous monitoring of the ransomware family reveals a new workaround that the authors might be using to keep it going. The decline in Locky activity can be attributed to ... continue reading
Sample email lures potential Certor victim shows as it pretends to be a document (.docx file) from a legitimate company

Double-click me not: Malicious proxy settings in OLE Embedded Script

Attackers have been using social engineering to avoid the increasing costs of exploitation due to the significant hardening and exploit mitigations investments in Windows. Tricking a user into running a malicious file or malware can be cheaper for an attacker ... continue reading