malware research – Page 2 – WindowsTechs.com

Now you see me: Exposing fileless malware

Posted on January 24, 2018 by Windows Defender ATP

Attackers are determined to circumvent security defenses using increasingly sophisticated techniques. Fileless malware boosts the stealth and effectiveness of an attack, and two of last years major ransomware outbreaks (Petya and WannaCry) used fileles… Continue reading Now you see me: Exposing fileless malware→

A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017

Posted on January 10, 2018 by Eric Avena

Adopting reliable attack methods and techniques borrowed from more evolved threat types, ransomware attained new levels of reach and damage in 2017. The following trends characterize the ransomware narrative in the past year: Three global outbreaks sho… Continue reading A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017→

A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017

Posted on January 10, 2018 by Eric Avena

Cody Pierce on the Future of Exploit Development

Posted on March 13, 2017 by Chris Brook

Mike Mimoso talks to Cody Pierce, director of vulnerability research and prevention with Endgame, at RSA Conference 2017 about how attackers are changing their techniques in the face of mitigations. Continue reading Cody Pierce on the Future of Exploit Development→

Nicolas Brulez on Malware Reverse Engineering Tips and Tricks

Posted on January 31, 2017 by Chris Brook

Kaspersky Lab Principal Security Researcher Nico Brulez talks with Ryan Naraine about his upcoming SAS 2017 training on the ins and outs of malware reverse engineering and how attendees can benefit for a wide range of tips and tricks. Continue reading Nicolas Brulez on Malware Reverse Engineering Tips and Tricks→

Malicious macro using a sneaky new trick

Posted on May 18, 2016 by msft-mmpc

We recently came across a file (ORDER-549-6303896-2172940.docm, SHA1: 952d788f0759835553708dbe323fd08b5a33ec66) containing a VBA project that scripts a malicious macro (SHA1: 73c4c3869304a10ec598a50791b7de1e7da58f36). We added it under the detection TrojanDownloader:O97M/Donoff – a large family of Office-targeting macro-based malware that has been active for several years (see our blog category on macro-based malware for more blogs). However, there wasn’t… Continue reading Malicious macro using a sneaky new trick→

Digging deep for PLATINUM

Posted on April 26, 2016 by Microsoft Malware Protection Center

There is no shortage of headlines about cybercriminals launching large-scale attacks against organizations. For us, the activity groups that pose the most danger are the ones who selectively target organizations and desire to stay undetected, protect their investment, and maximize their ROI. That’s what motivated us – the Windows Defender Advanced Threat Hunting team, known… Continue reading Digging deep for PLATINUM→

BinDiff Now Free, To Delight of Security Researchers

Posted on March 21, 2016 by Michael Mimoso

Google’s decision to make BinDiff free is being applauded by security researchers. Continue reading BinDiff Now Free, To Delight of Security Researchers→

MSRT March 2016 – Vonteera

Posted on March 9, 2016 by msft-mmpc

As part of our ongoing effort to provide better malware protection, the March release of the Microsoft Malicious Software Removal Tool (MSRT) will include detections for Vonteera – a family of browser modifiers, and Fynloski – a family of backdoor trojans. In this blog, we’ll focus on the Vonteera family of browser modifiers. BrowserModifier:Win32/Vonteera We… Continue reading MSRT March 2016 – Vonteera→