Antimalware research for IT pros and enthusiasts

MSRT August 2016 release adds Neobar detection

Posted on August 10, 2016 by msft-mmpc

As part of our ongoing effort to provide better malware protection, the August 2016 release of the Microsoft Malicious Software Removal Tool (MSRT) includes detections for BrowserModifier: Win32/Neobar, unwanted software, and Win32/Rovnix, a trojan malware family. This blog discusses BrowserModifier:Win32/Neobar and its inclusion in MSRT supports our unwanted software family detections in Windows Defender, along… Continue reading MSRT August 2016 release adds Neobar detection→

Where’s the Macro? Malware authors are now using OLE embedding to deliver malicious files

Posted on June 14, 2016 by msft-mmpc

Recently, we’ve seen reports of malicious files that misuse the legitimate Office object linking and embedding (OLE) capability to trick users into enabling and downloading malicious content. Previously, we’ve seen macros used in a similar matter, and this use of OLE might indicate a shift in behavior as administrators and enterprises are mitigating against this… Continue reading Where’s the Macro? Malware authors are now using OLE embedding to deliver malicious files→

Link (.lnk) to Ransom

Posted on May 27, 2016 by msft-mmpc

We are alerting Windows users of a new type of ransomware that exhibits worm-like behavior. This ransom leverages removable and network drives to propagate itself and affect more users. We detect this ransomware as Ransom:Win32/ZCryptor.A. Infection vector Ransom:Win32/ZCryptor.A is distributed through the spam email infection vector. It also gets installed in your machine through… Continue reading Link (.lnk) to Ransom→