Microsoft teams up with law enforcement and other partners to disrupt Gamarue (Andromeda)

Security
Today, with help from Microsoft security researchers, law enforcement agencies around the globe, in cooperation with Microsoft Digital Crimes Unit (DCU), announced the disruption of Gamarue, a widely distributed malware that has been used in networks of infected computers collectively ... continue reading

MSRT February 2017: Chuckenit detection completes MSRT solution for one malware suite

Security
In September 2016, we started adding to Microsoft Malicious Software Removal Tool (MSRT) a malware suite of browser modifiers and other Trojans installed by software bundlers. We documented how the malware in this group install other malware or applications silently, ... continue reading

Windows 10: protection, detection, and response against recent Depriz malware attacks

Security
A few weeks ago, multiple organizations in the Middle East fell victim to targeted and destructive attacks that wiped data from computers, and in many cases rendered them unstable and unbootable. Destructive attacks like these have been observed repeatedly over ... continue reading
Email message masquerading as a fax but carrying TrojanDownloader:JS/Crimace.A as attachment

Fake fax ushers in revival of a ransomware family

Security
"Criminal case against you" is a message that may understandably cause panic. That’s what a recent spam campaign hopes happens, increasing the likelihood of recipients opening the malicious attachment. We recently discovered a new threat that uses email messages pretending ... continue reading
The graph shows that Locky machine encounters have recently been low

The new .LNK between spam and Locky infection

Security
Just when it seems the Ransom:Win32/Locky activity has slowed down, our continuous monitoring of the ransomware family reveals a new workaround that the authors might be using to keep it going. The decline in Locky activity can be attributed to ... continue reading
Screenshot of SoftwareBundler:Win32/InstallMonster being downloaded, with details of its offering SupTab under the name "Yoursearching"

MSRT October 2016 release: Adding more unwanted software detections

Security
Unwanted software often piggy-backs on program downloads, delivered by software bundlers. These bundles, which you might have downloaded, can include software that you do not want, and some that are harmful. The bundled or “extra” software can perform actions on ... continue reading
Sample email that lures a potential Certor victim by pretending to be a document (.docx file) from a legitimate company

Double-click me not: Malicious proxy settings in OLE Embedded Script

Security
Attackers have been using social engineering to avoid the increasing costs of exploitation due to the significant hardening and exploit mitigation investments in Windows. Tricking a user into running a malicious file or malware can be cheaper for an attacker ... continue reading