RSS Reader for Computer Security Articles
Unwanted software often piggy-backs on program downloads, delivered by software bundlers. These bundles, which you might have downloaded, can include software that you do not want, and some that are harmful. The bundled or “extra” software can perform actions on your device that run the gambit from unwanted to annoying to malicious. The threat that…
Read MoreAs part of our ongoing effort to provide better malware protection, the Microsoft Malicious Software Removal Tool (MSRT) release this September includes detections for: BrowserModifier:Win32/Prifou TrojanClicker:Win32/NightClick Trojan:Win32/Suweezy Trojan:Win32/Xadupi This blog discusses BrowserModifier:Win32/Prifou (Prifou). Windows Defender detects this threat because it limits your choice and control over your browser and operating system. The unwanted behaviors are detailed…
Read MoreAttackers have been using social engineering to avoid the increasing costs of exploitation due to the significant hardening and exploit mitigations investments in Windows. Tricking a user into running a malicious file or malware can be cheaper for an attacker than building an exploit which works on Windows 10. In our previous blog, Where’s the…
Read MoreAs part of our ongoing effort to provide better malware protection, the August 2016 release of the Microsoft Malicious Software Removal Tool (MSRT) includes detections for BrowserModifier: Win32/Neobar, unwanted software, and Win32/Rovnix, a trojan malware family. This blog discusses BrowserModifier:Win32/Neobar and its inclusion in MSRT supports our unwanted software family detections in Windows Defender, along…
Read MoreThe latest Nemucod campaign shows the malware distributing a spam email attachment with a .wsf extension, specifically ..wsf (with a double dot) extension. It is a variation of what has been observed since last year (2015) – the TrojanDownloader:JS/Nemucod malware downloader using JScript. It still spreads through spam email attachment, typically inside a .zip file,…
Read MoreTrojan:Win32/Kovter is a well-known click-fraud malware which is challenging to detect and remove because of its file-less persistence on infected PCs. In this blog, we will share some technical details about the latest changes we have seen in Kovter’s persistence method and some updates on their latest malvertising campaigns. New persistence method Since June 2016,…
Read MoreRecently, we blogged about the basic functionality and features of the DUBNIUM advanced persistent threat (APT) activity group Stage 1 binary and Adobe Flash exploit used during the December 2015 incident (Part 1, Part 2). In this blog, we will go through the overall infection chain structure and the Stage 2 executable details. Stage 2 executables…
Read MoreWe at the MMPC are constantly tracking new and emerging ransomware threats so we can be one step ahead of active campaigns and help protect our users. As part of these efforts, we recently came across a new variant of the Win32/Troldesh ransomware family. Ransomware, like most malware, is constantly trying to change itself in…
Read More