Internet Security

Microsoft Security Intelligence Report (SIR) Volume 11

by certifiedbug on October 18, 2011

in Microsoft

Microsoft Security Intelligence Report
Analysis from January to June 2011.

Volume 11 of the Microsoft® Security Intelligence Report (SIRv11) provides in-depth perspectives on software vulnerabilities and exploits, malicious code threats, and potentially unwanted software in Microsoft and third-party software. Microsoft developed these perspectives based on detailed trend analyses over the past several years, with a focus on the first half of 2011.
This document summarizes the key findings of the report. The full report also includes deep analysis of trends found in more than 100 countries/regions around the world and offers ways to manage risks to your organization, software, and people.

Zeroing in on Malware Propagation Methods
Worldwide Threat Intelligence
Vulnerability Disclosures
Exploits
Document Exploits
Malware and Potentially Unwanted Software
Operating System Infection Rates
Threat Families and Categories
Enterprise Threats
Email Threats
Malicious Websites

Download the report: Security Intelligence Report (SIR) Volume 11 [PDF]

Download library has earlier SIR volumes.

Microsoft: Rustock Civil Case Closed

by certifiedbug on September 22, 2011

in Microsoft

The Official Microsoft® Blog

Rustock Civil Case Closed: Microsoft Refers Criminal Evidence to FBI
22 Sep 2011

As you may have read in this morning’s edition of CNET, on Sept. 13th, Judge James L. Robart, of the U.S. District Court for the Western District of Washington ruled that the domain names and Internet protocol addresses used to host the botnet would be effectively removed from the defendants’ control. This case not only enabled the take down of a botnet known to be one of the single largest sources of spam on the Internet, but it is now helping to ensure that this botnet will never be used for cybercrime again. However, we’re not stopping here.

We are also turning over all of the evidence we collected during discovery and our investigation to the FBI, to help ensure those responsible for operating the Rustock botnet are held accountable for their actions. It is important to note that Microsoft’s $250,000 reward offer for information that leads to the arrest and conviction of Rustock’s operators remains in effect, but now any tips should be sent directly to the FBI at MS_Referrals@ic.fbi.gov.

Article:
http://blogs.technet.com/b/microsoft_blog/archive/2011/09/22/rustock-civil-case-closed-microsoft-refers-criminal-evidence-to-fbi.aspx

Certifiedbug, July 18, 2011. Microsoft Offers $250,000 Reward for Information on Rustock

Scareware Industry lull

by certifiedbug on August 3, 2011

in Scareware Rogues

Another great article from Brian Krebs.

Fake Antivirus Industry Down, But Not Out

Many fake antivirus businesses that paid hackers to foist junk security software on PC users have closed up shop in recent weeks. The wave of closures comes amid heightened scrutiny by the industry from security experts and a host of international law enforcement officials. But it’s probably too soon to break out the bubbly: The inordinate profits that drive fake AV peddlers guarantee the market will soon rebound.

http://krebsonsecurity.com/2011/08/fake-antivirus-industry-down-but-not-out/

Web redirector malware

by certifiedbug on August 2, 2011

in Microsoft

July MSRT on web redirector malware

Microsoft Malware Protection Center

This month, we added Win32/Tracur and Win32/Dursg, two of the most prevalent pieces of malware belonging to the category of ‘web redirectors’, to our Malicious Software Removal Tool (MSRT). After just over two weeks in release, we have early numbers on our success in detecting and removing these twinned threats.

In terms of functionality, Win32/Tracur is a backdoor trojan with the capability to redirect web search queries. It is worth mentioning that about 99% of Win32/Tracur samples we have seen also install Win32/Dursg.

As mentioned in our earlier post “MSRT July 2011: Targeting web redirector malware”, Win32/Tracur installs a browser helper object, or BHO, for IE to monitor web search queries. It also drops Win32/Dursg to install malicious extensions for Firefox and Opera. User query results from search engines such as Google, Yahoo!, AOL, Ask and Bing will be redirected to a malicious site. To guarantee Win32/Tracur control, it modifies several registry entries. To disguise its presence, dropped files are named similarly to Windows DLLs.

http://blogs.technet.com/b/mmpc/archive/2011/07/28/july-msrt-on-web-redirector-malware.aspx

Microsoft Offers $250,000 Reward for Information on Rustock

July 18, 2011

The Official Microsoft Blog. Posted by Richard Boscovich, Senior Attorney, Microsoft Digital Crimes Unit, 18 Jul 2011. Last month, I shared with you that the Rustock botnet has remained inactive since Microsoft and its partners took it offline on March 16th. Today, we take our pursuit a step further. After publishing notices in two Russian [...]

Microsoft-New Threat Data on Rustock

July 6, 2011

Since successfully taking down the Rustock botnet on March 16th, Microsoft has continued to analyze the threat, investigate leads on the operations and owners of the botnet and work with Community Emergency Response Teams (CERTs) and Internet Service Providers (ISPs) worldwide to help the legitimate owners of Rustock-infected computers to clean their computers of malware. [...]

Microsoft: 10 Immutable Laws Revisited

June 9, 2011

Microsoft TechNet. Version 2.0. Ten years ago, Microsoft penned the “Ten Immutable Laws of Security,” which debuted on TechNet. It was written before the rise of – among other technologies and trends – cloud computing, social networking, widespread smartphone adoption, and Windows XP, to name but a few landmarks along the way. Did a decade [...]

Microsoft Advisory-Fraudulent Digital Certificates Could Allow Spoofing

March 23, 2011

Microsoft Security Advisory (2524375). Published: March 23, 2011. Microsoft is aware of nine fraudulent digital certificates issued by Comodo, a certification authority present in the Trusted Root Certification Authorities Store on all supported versions of Microsoft Windows. Comodo advised Microsoft on March 16, 2011 that nine certificates had been signed on behalf of a third [...]

Joint effort brings down Rustock Botnet

March 17, 2011

Microsoft On The Issues, 17 Mar 2011. This operation, known as Operation b107, is the second high-profile takedown in Microsoft’s joint effort between DCU, Microsoft Malware Protection Center and Trustworthy Computing – known as Project MARS (Microsoft Active Response for Security) – to disrupt botnets and begin to undo the damage the botnets have caused [...]

MSRC: Insight into the Security Advisory 967940 AutoRun update

February 13, 2011

Microsoft Security Response Center, 8 Feb 2011. In April 2009 we delivered a very public message to the Windows ecosystem that we were changing the behavior of Autorun in ways that improved security. We blogged on the progress of that transition, posting “AutoRun changes in Windows 7” in April 2009. In November 2009, we posted [...]