Microsoft Malware Protection Center
This new Donoff variant hides an encrypted URL in a string in a VBA user form button.
We recently came across a file (ORDER-549-6303896-2172940.docm, SHA1: 952d788f0759835553708dbe323fd08b5a33ec66) containing a VBA project that scripts a malicious macro (SHA1: 73c4c3869304a10ec598a50791b7de1e7da58f36). We added it under the detection TrojanDownloader:O97M/Donoff – a large family of Office-targeting macro-based malware that has been active for several years (see our blog category on macro-based malware for more blogs). However, th...
 
Developers have until May 2, 2016 to comply with updated criteria for browser modification - see the blog http://ow.ly/ZW6Aa for details
Since we published the Keeping Browsing Experience in Users’ Hands blog in December 2015, we’ve received feedback from the ecosystem and engaged in discussions with the industry. Based on those discussions and feedback, we are making a couple of updates. We are broadening the scope of the evaluation criteria we blogged about to state: Programs...
 
Samas ransomware: Modus operandi and prevention http://ow.ly/ZDUQh
We’ve seen how ransomware managed to become a threat category that sends consumers and enterprise reeling when it hits them. It has become a high-commodity malware that is used as payload to spam email, macro malware, and exploit kit campaigns. It also digs into victims’ pockets in exchange for recovering files from their encrypted form. ...
 
Our latest blog looks at Cerber ransomware
Early this month, we saw a new ransomware family that launches a three-prong attempt to get you to hand over your hard-earned cash. Called “Cerber” (it replaces file extensions with .cerber), we like to think of this three-prong approach as a nod to the mythical multiple-headed hound, Cerberus. The attack starts with a text-to-speech (TTS) synthesized...
 
Our latest threat intelligence report looks at how exploits work.
This report looks at current and prevalent exploits, including how Microsoft is targeting them, and how you can mitigate and protect your enterprise against them.
 
Microsoft assists law enforcement to help disrupt Dorkbot botnets
The Microsoft Malware Protection Center Blog provides information on viruses, worms and other malware and spyware and explains how Microsoft antivirus products help protect your computer
 
Microsoft's Defender Labs researcher explains why JavaScript is being used to download malware http://ow.ly/pGAj30027Kd
JavaScript is now being used largely to download malware because it's easy to obfuscate the code and it has a small size. Most recently, one of the most predominant JavaScript malware that has been spreading other malware is Nemucod. This JavaScript trojan downloads additional malware (such as ...
 
Our latest blog talks about the new macro-blocking feature in Office 2016
Macro-based malware is on the rise and we understand it is a frustrating experience for everyone. To help counter this threat, we are releasing a new feature in Office 2016 that blocks macros from loading in certain high-risk scenarios.
Macro-based malware infection is still increasing
Macro-based malware continues its rise. We featured macro-based malware...
 
Samas ransomware: Modus operandi and prevention http://ow.ly/ZDUcw
We’ve seen how ransomware managed to become a threat category that sends consumers and enterprise reeling when it hits them. It has become a high-commodity malware that is used as payload to spam email, macro malware, and exploit kit campaigns. It also digs into victims’ pockets in exchange for recovering files from their encrypted form. ...
 
MSRT February 2016: http://ow.ly/Y6uUj
The February release of the Microsoft Malicious Software Removal Tool (MSRT) includes updated detections for the following malware families: Bladabindi · Gamarue · Sality · Kelihos · Diplugem. The updates include detections for the latest variants from these malware families.
 
Have a secure cloud computing experience with Microsoft Azure http://ow.ly/Wzvvz
The “holy grail” of security capabilities that I’ve heard so many CISOs talk about, enables them to manage the security of the systems in their organization using a policy-based approach that provides them with a single place to monitor which systems meet their security policies, which systems do not meet policies and also helps them remediate the issues with non-compliant systems. Taking this policy-based approach a giant step further by …
 
Keeping browsing experience in users’ hands: http://ow.ly/WfcR7
In April last year we announced some changes to our criteria around Adware designed to ensure that users maintain control of their experience. These changes are described in our blog, Adware: a New Approach. Since then, we've taken policy and enforcement measures to address unwanted behaviors ...