Get gamed and rue the day…

As we discussed last week, socially engineered threats are specially crafted threats designed to lure the eye and trick the mind – they look legitimate or benign and, in the worst case, may take advantage of a trusted relationship by utilizing a compromised account or familiar website. Social engineering techniques may be used in isolation, but…

MMPC Threat Report: Cracking open Qakbot

Today, we’re releasing a Microsoft Malware Protection Center Threat Report on Qakbot as a follow-up to the recently released Microsoft SIRv10 and our special report on Battling Botnets in late 2010. This report focuses on one botnet in particular, Qakbot. Qakbot is a backdoor that includes user-mode rootkit functionality to hide itself and also steal sensitive…

MSRT April ‘11: Win32/Afcore

This month, the MSRT team added the Win32/Afcore family of trojans to its detections. This malware is also known as Coreflood. It has evolved over time, first breaking onto the scene in 2003. At the time, it was encountered when visiting a malicious web page containing obfuscated VBScript and detected as TrojanDropper:VBS/Inor.B. Using hexadecimal encoding,…

Operation b107 – Rustock Botnet Takedown

Just over one year ago, Microsoft, with industry and academic partners, utilized a novel combination of legal and technical actions to take control of the Win32/Waledac botnet as the first action in Project MARS (Microsoft Active Response for Security). Today, a similar action has had its legal seal opened allowing us to talk more openly…

Bredolab Takedown, Another Win for Collaboration

Earlier this week (October 25), authorities in the Netherlands took action against one of the Win32/Bredolab botnets and person(s) who may be responsible for this threat as part of an investigation codenamed TOLLING, part of a larger project named TAURUS. This follows on the heels of similar efforts against Win32/Zbot by the Federal Bureau of…

The Botnet Superhighway

The latest Microsoft Security Intelligence Report (SIR) dedicates a whole section to botnets and the role they play in today’s world of malware, and for good reason – the pathways of the malware world are quickly merging into a botnet superhighway, a new conduit used for many nefarious purposes. If you compare the worldwide infection…

An Early Look at the Impact of MSRT on Zbot

As those who follow our blog already know, we added Win32/Zbot to MSRT this month. This is a complex threat with techniques employed to make removal by AV challenging and which necessitated advances in the technology we use. The threat is aimed at theft of credentials (often financial) and, according to the FBI, part of…

Announcing Microsoft Security Intelligence Report version 9

Today, the 9th edition of the Microsoft Security Intelligence Report was released as Adrienne Hall, General Manager of Microsoft Trustworthy Computing Communications, gave her keynote at RSA Europe. This time around, we’ve done a few things differently. First off – we’ve dedicated this particular volume to the study of botnets and the role that…
