Windows Defender for Windows 10

Large Kovter digitally-signed malvertising campaign and MSRT cleanup release

Posted on May 10, 2016 by msft-mmpc

Kovter is a malware family that is well known for being tricky to detect and remove because of its file-less design after infection. Users from United States are nearly exclusively being targeted, and infected PCs are used to perform click-fraud and install additional malware on your machine. Starting April 21, 2016, we observed a large… Continue reading Large Kovter digitally-signed malvertising campaign and MSRT cleanup release→

Gamarue, Nemucod, and JavaScript

Posted on May 9, 2016 by msft-mmpc

JavaScript is now being used largely to download malware because it’s easy to obfuscate the code and it has a small size. Most recently, one of the most predominant JavaScript malware that has been spreading other malware is Nemucod. This JavaScript trojan downloads additional malware (such as Win32/Tescrypt and Win32/Crowti – two pervasive ransomware trojans… Continue reading Gamarue, Nemucod, and JavaScript→

Digging deep for PLATINUM

Posted on April 26, 2016 by Microsoft Malware Protection Center

There is no shortage of headlines about cybercriminals launching large-scale attacks against organizations. For us, the activity groups that pose the most danger are the ones who selectively target organizations and desire to stay undetected, protect their investment, and maximize their ROI. That’s what motivated us – the Windows Defender Advanced Threat Hunting team, known… Continue reading Digging deep for PLATINUM→

No mas, Samas: What’s in this ransomware’s modus operandi?

Posted on March 18, 2016 by msft-mmpc

We’ve seen how ransomware managed to become a threat category that sends consumers and enterprise reeling when it hits them. It has become a high-commodity malware that is used as payload to spam email, macro malware, and exploit kit campaigns. It also digs onto victims’ pockets in exchange for recovering files from their encrypted form. … Continue reading No mas, Samas: What’s in this ransomware’s modus operandi?→

Cleaners ought to be clean (and clear)

Posted on February 24, 2016 by msft-mmpc

There are many programs that purport to clean up and optimize system performance. While Microsoft does not endorse the use of these tools with Windows, we do not view them as unwanted or malicious. Many programs in this category have a practice of providing a free version of their software that scans your system, presents the… Continue reading Cleaners ought to be clean (and clear)→

Microsoft assists law enforcement to help disrupt Dorkbot botnets

Posted on December 3, 2015 by msft-mmpc

Law enforcement agencies from around the globe, aided by Microsoft security researchers, have today announced the disruption of one of the most widely distributed malware families – Win32/Dorkbot. This malware family has infected more than one million PCs in over 190 countries. Dorkbot spreads through USB flash drives, instant messaging programs, and social networks. It… Continue reading Microsoft assists law enforcement to help disrupt Dorkbot botnets→