Limited Periodic Scanning in Windows 10 to Provide Additional Malware Protection

Every month, Microsoft’s Malicious Software Removal Tool (MSRT) scans more than 500 million Windows devices for malware and malicious software. This tool aids in the detection and removal of malware from 1 to 2 million machines each time, even on those devices running antivirus software. Meanwhile, many Windows customers continue to use the Microsoft Safety…

The 5Ws and 1H of Ransomware

For the past three months, we have seen ransomware hop its way across the globe. The majority of the ransomware incidents are found in the United States, then Italy, and Canada. The prevalence of large-scale ransomware incidents led the United States and Canadian governments to issue a joint statement about ransomware. Due to the global ransomware incidents, the…

Malicious macro using a sneaky new trick

We recently came across a file (ORDER-549-6303896-2172940.docm, SHA1: 952d788f0759835553708dbe323fd08b5a33ec66) containing a VBA project that scripts a malicious macro (SHA1: 73c4c3869304a10ec598a50791b7de1e7da58f36). We added it under the detection TrojanDownloader:O97M/Donoff – a large family of Office-targeting macro-based malware that has been active for several years (see our blog category on macro-based malware for more blogs). However, there wasn’t…

Large Kovter digitally-signed malvertising campaign and MSRT cleanup release

Kovter is a malware family that is well known for being tricky to detect and remove because of its file-less design after infection. Users from the United States are nearly exclusively being targeted, and infected PCs are used to perform click-fraud and install additional malware on your machine. Starting April 21, 2016, we observed a large…

Gamarue, Nemucod, and JavaScript

JavaScript is now being used largely to download malware because it’s easy to obfuscate the code and it has a small size. Most recently, one of the most predominant JavaScript malware that has been spreading other malware is Nemucod. This JavaScript trojan downloads additional malware (such as Win32/Tescrypt and Win32/Crowti – two pervasive ransomware trojans…

A brief discourse on ‘Changing browsing experience’

In response to questions we’ve received from the software distribution and monetization industry, and following our blog announcing our browser modifier policy update, we’d like to provide some details on what we refer to in our policy as “changing browsing experience”. For us, “changing browsing experience” means behaviors that modify the content of webpages. We…

MSRT April release features Bedep detection

As part of our ongoing effort to provide better malware protection, the Microsoft Malicious Software Removal Tool (MSRT) release this April will include detections for:
Win32/Bedep – Trojan family
Win32/Upatre – Trojan family
Ransom:MSIL/Samas – Ransomware family
In this blog, we’ll focus on the Bedep family of trojans.
The bothersome Bedep
Win32/Bedep was first…

Keeping Browsing Experience in Users’ Hands, an Update…

Since we published the Keeping Browsing Experience in Users’ Hands blog in December 2015, we’ve received feedback from the ecosystem and engaged in discussions with the industry. Based on those discussions and feedback, we are making a couple of updates. We are broadening the scope of the evaluation criteria we blogged about to state: Programs…

New feature in Office 2016 can block macros and help prevent infection

Macro-based malware is on the rise and we understand it is a frustrating experience for everyone. To help counter this threat, we are releasing a new feature in Office 2016 that blocks macros from loading in certain high-risk scenarios.
Macro-based malware infection is still increasing
Macro-based malware continues its rise. We featured macro-based malware…