Microsoft Malware Protection Center
12 followers | 23,360 views

We at the MMPC are constantly tracking new and emerging ransomware threats so we can be one step ahead of active campaigns and help protect our users. As part of these efforts, we recently came across a new variant of the Win32/Troldesh ransomware family. Ransomware, like most malware, is constantly trying to change itself in...
This new Donoff variant hides an encrypted URL in a string in a VBA user form button.
We recently came across a file (ORDER-549-6303896-2172940.docm, SHA1: 952d788f0759835553708dbe323fd08b5a33ec66) containing a VBA project that scripts a malicious macro (SHA1: 73c4c3869304a10ec598a50791b7de1e7da58f36). We added it under the detection TrojanDownloader:O97M/Donoff – a large family of Office-targeting macro-based malware that has been active for several years (see our blog category on macro-based malware for more blogs). However, th...
Our latest blog talks about the new macro-blocking feature in Office 2016
Macro-based malware is on the rise and we understand it is a frustrating experience for everyone. To help counter this threat, we are releasing a new feature in Office 2016 that blocks macros from loading in certain high-risk scenarios. Macro-based malware infection is still increasing Macro-based malware continues its rise. We featured macro-based malware...
Samas ransomware: Modus operandi and prevention http://ow.ly/ZDUcw
We’ve seen how ransomware managed to become a threat category that sends consumers and enterprise reeling when it hits them. It has become a high-commodity malware that is used as payload to spam email, macro malware, and exploit kit campaigns. It also digs onto victims’ pockets in exchange for recovering files from their encrypted form. ...
MSRT February 2016: http://ow.ly/Y6uUj
The February release of the Microsoft Malicious Software Removal Tool (MSRT) includes updated detections for the following malware families: Bladabindi · Gamarue · Sality · Kelihos · Diplugem. The updates include detections for the latest variants from these malware families.
Our new blog about DUBNIUM: Reverse-engineering DUBNIUM’s Flash-targeting exploit
MMPC alerts users of malware authors using OLE embedding to deliver malicious files. See how to identify and mitigate such attacks: ow.ly/p0od301gt5o
Microsoft's Defender Labs researcher explains why JavaScript is being used to download malware http://ow.ly/pGAj30027Kd
JavaScript is now being used largely to download malware because it's easy to obfuscate the code and it has a small size. Most recently, one of the most predominant JavaScript malware that has been spreading other malware is Nemucod. This JavaScript trojan downloads additional malware (such as ...
Developers have until May 2, 2016 to comply with updated criteria for browser modification - see the blog http://ow.ly/ZW6Aa for details
Since we published the Keeping Browsing Experience in Users’ Hands blog in December 2015, we’ve received feedback from the ecosystem and engaged in discussions with the industry. Based on those discussions and feedback, we are making a couple of updates. We are broadening the scope of the evaluation criteria we blogged about to state: Programs...
Our latest blog looks at Cerber ransomware
Early this month, we saw a new ransomware family that launches a three-prong attempt to get you to hand over your hard-earned cash. Called “Cerber” (it replaces file extensions with .cerber), we like to think of this three-prong approach as a nod to the mythical multiple-headed hound, Cerberus. The attack starts with a text-to-speech (TTS) synthesized...