DOCSLIB.ORG

Microsoft Security Intelligence Report

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Microsoft Security Intelligence Report Microsoft Security Intelligence Report Volume 17 | January through June, 2014 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT. This document is provided “as-is.” Information and views expressed in this document, including URL and other Internet Web site references, may change without notice. You bear the risk of using it. Copyright © 2014 Microsoft Corporation. All rights reserved. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. Authors Dennis Batchelder Nam Ng Tim Rains Microsoft Malware Protection Microsoft Trustworthy Microsoft Trustworthy Center Computing Computing Joe Blackbird Niall O'Sullivan Jerome Stewart Microsoft Malware Protection Microsoft Digital Crimes Unit Microsoft Digital Crimes Unit Center Daryl Pecelj Holly Stewart Paul Henry Microsoft IT Information Microsoft Malware Protection Wadeware LLC Security and Risk Management Center Sriram Iyer Anthony Penta Todd Thompson Application and Services Group Windows Services Safety Microsoft IT Information Platform Security and Risk Management Jeff Jones Microsoft Trustworthy Simon Pope Terry Zink Computing Microsoft Trustworthy Exchange Online Protection Computing Aneesh Kulkarni Geoff McDonald Windows Services Safety Ina Ragragio Microsoft Malware Protection Platform Microsoft Malware Protection Center Center Marc Lauricella Microsoft Trustworthy Computing Contributors Tanmay Ganacharya Sean Krulewitch Takumi Onodera Microsoft Malware Protection Application and Services Group Microsoft Premier Field Center Engineering, Japan Jenn LeMond Roger Grimes Microsoft IT Laura A. Robinson Microsoft IT Microsoft IT Geoff McDonald Chris Hale Microsoft Malware Protection Norie Tamura Microsoft Trustworthy Center CSS Japan Security Response Computing Team Scott Molenkamp Satomi Hayakawa Microsoft Malware Protection Steve Wacker CSS Japan Security Response Center Wadeware LLC Team Dolcita Montemayor Iaan Wiltshire Ben Hope Microsoft Malware Protection Microsoft Malware Protection Microsoft Malware Protection Center Center Center Daric Morton Yurika Kakiuchi Microsoft Services CSS Japan Security Response Team ii ABOUT THIS REPORT Table of contents About this report .......................................................................................................................... v Featured intelligence 1 Securing account credentials .................................................................................................... 3 Account compromise primer ...................................................................................................................... 3 Responding to recovered credentials ..................................................................................................... 14 Conclusion .................................................................................................................................................... 19 The challenge of expired security software ....................................................................... 21 How much protection does expired security software provide? ...................................................... 25 What is the cause of this problem? ......................................................................................................... 26 Guidance: Staying up-to-date with security software ......................................................................... 28 The Microsoft DCU and the legal side of fighting malware ......................................... 29 How DCU disrupts malware networks..................................................................................................... 31 Call to action ............................................................................................................................................... 32 Worldwide threat assessment 33 Vulnerabilities .............................................................................................................................. 35 Industry-wide vulnerability disclosures .................................................................................................. 35 Vulnerability severity .................................................................................................................................. 36 Vulnerability complexity ............................................................................................................................ 38 Operating system, browser, and application vulnerabilities .............................................................. 39 Microsoft vulnerability disclosures ........................................................................................................... 41 Guidance: Developing secure software ................................................................................................. 42 Exploits ........................................................................................................................................... 43 Exploit families ............................................................................................................................................ 45 Exploit kits and other HTML/JavaScript exploits ................................................................................... 46 Java exploits ................................................................................................................................................ 49 Operating system exploits ......................................................................................................................... 51 Document exploits ..................................................................................................................................... 53 Adobe Flash Player exploits ..................................................................................................................... 53 Malware ......................................................................................................................................... 55 The Sefnit saga: a timeline .........................................................................................................................57 Malware prevalence worldwide............................................................................................................... 65 MICROSOFT SECURITY INTELLIGENCE REPORT, VOLUME 17, JANUARY–JUNE 2014 iii Threat categories ........................................................................................................................................ 73 Threat families ............................................................................................................................................. 76 Ransomware ................................................................................................................................................ 81 Home and enterprise threats .................................................................................................................... 85 Security software use .................................................................................................................................. 89 Guidance: Defending against malware ................................................................................................... 92 Email threats ................................................................................................................................ 93 Spam messages blocked ........................................................................................................................... 93 Guidance: Defending against threats in email ...................................................................................... 95 Malicious websites..................................................................................................................... 96 Phishing sites ................................................................................................................................................ 97 Malware hosting sites ............................................................................................................................... 102 Application reputation ............................................................................................................................. 107 Guidance: Protecting users from unsafe websites .............................................................................. 108 Mitigating risk 109 Malware at Microsoft: Dealing with threats in the Microsoft environment ........... 111 Antimalware usage .................................................................................................................................... 111 Malware detections ................................................................................................................................... 112 Malware infections ..................................................................................................................................... 114 What IT departments can do to minimize these trends ..................................................................... 115 Mitigating risk with Microsoft Office ................................................................................. 117 Security mitigations in Microsoft Office ................................................................................................
Load more

Recommended publications
  • Microsofts-Tjenestea
    Vi bruker informasjonskapsler til å forbedre opplevelsen på nettstedene våre og til Godta alle Behandle informasjonskapsler annonsering. Personvernerklæring Gå til hovedinnhold Microsoft Microsofts tjenesteavtale Microsofts tjenesteavtale Microsofts tjenesteavtale Hjem Vanlige spørsmål Microsofts tjenesteavtale Microsofts personvernerklæring Side for Bing-leverandører Mer Alt fra Microsoft Microsoft 365 Office Windows Surface Xbox Spesialtilbud Kundestøtte Programvare Windows-apper OneDrive Outlook Skype OneNote Microsoft Teams PCer og enheter Kjøp Xbox Tilbehør Underholdning Xbox Game Pass Ultimate Xbox Live Gold Xbox og spill PC-spill Windows-spill Filmer og TV Bedrift Microsoft Azure Microsoft Dynamics 365 Microsoft 365 Microsoft Industry Dataplattform Microsoft Advertising Power Platform Kjøp for bedrifter Developer & IT .NET Windows Server Windows Utviklingssenter Dokumenter Power Apps HoloLens 2 Annen Microsoft Rewards Gratis nedlastinger og sikkerhet Utdanning Gavekort Lisensiering Vis områdekart Søk på Microsoft.com SøkSøk på Microsoft.com Avbryt Publisert: 1. august 2020 Ikrafttredelsesdato: 1. oktober 2020 Skriv ut Microsofts tjenesteavtale Disse vilkårene ("Vilkår") dekke bruken av Microsoft-forbrukerprodukter, nettsteder og tjenester som er oppført på slutten av disse vilkårene her (#serviceslist) ("Tjenester"). Microsoft kommer med et tilbud til deg ved å gi deg muligheten til å abonnere på, bruke og/eller bestille Tjenestene. Du godtar disse vilkårene ved å opprette en Microsoft-konto, ved å bruke Tjenestene, eller ved å
    [Show full text]
  • Hackers Hit Supermarket Self-Checkout Lanes, Steal Money
    December 15, 2011 INSIDE THIS ISSUE Hackers Hit Supermarket Self-Checkout Lanes, Steal Hackers Hit Supermarket Self- Money from Shoppers Checkout Lanes, Steal Money Ars Technica from Shoppers Microsoft's New Windows Criminals have tampered with the credit and debit card readers at self-checkout Defender Tool Runs Outside lanes in more than 20 supermarkets operated by a [U.S.] California chain, Windows allowing them to steal money from shoppers who used the compromised machines. The chain, Lucky Supermarkets, which is owned by Save Mart, is now inspecting the rest of its 234 stores in northern California and northern Nevada MICROSOFT and urging customers who used self-checkout lanes to close their bank and credit RESOURCES card accounts. Microsoft Security Home Related reading: Magnetic Strip Technology in Our Credit Cards Facilitates Fraud. Microsoft Trustworthy Computing Analysis: Microsoft Security Sites It is the holiday season so it seemed appropriate to report on security stories Worldwide affecting shoppers. Stories about electronic skimmers and identity theft are definitely not something new in our world today — as a matter of fact they are a daily occurrence. The availability of credit card skimmers for a really cheap price and the profit made when an identity is sold make this a very lucrative business. In the current economy people seem to be using this business model to earn extra money as indicated by these stories on the FBI [U.S. Federal Bureau of Investigation] website. While it is important to be extra careful about packages being stolen from your doorstep during the holidays, it pays to be extra vigilant about your credit card information and identity as well.
    [Show full text]
  • Microsoft Security Intelligence Report
    Microsoft Security Intelligence Report Volume 20 | July through December, 2015 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT. This document is provided “as-is.” Information and views expressed in this document, including URL and other Internet website references, may change without notice. You bear the risk of using it. Copyright © 2016 Microsoft Corporation. All rights reserved. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. Authors Charlie Anthe Dana Kaufman Anthony Penta Cloud and Enterprise Security Azure Active Directory Team Safety Platform Nir Ben Zvi Nasos Kladakis Ina Ragragio Enterprise and Cloud Group Azure Active Directory Team Windows and Devices Group Patti Chrzan Daniel Kondratyuk Tim Rains Microsoft Digital Crimes Unit Azure Active Directory Team Commercial Communications Bulent Egilmez Andrea Lelli Paul Rebriy Office 365 - Information Windows Defender Labs Bing Protection Geoff McDonald Stefan Sellmer Elia Florio Windows Defender Labs Windows Defender Labs Windows Defender Labs Michael McLaughlin Mark Simos Chad Foster Identity Services Enterprise Cybersecurity Bing Group Nam Ng Roger Grimes Enterprise Cybersecurity Vikram Thakur Microsoft IT Group Windows Defender Labs Paul Henry Niall O'Sullivan Alex Weinert Wadeware LLC Microsoft Digital Crimes Unit Azure Active Directory Team Beth Jester Daryl Pecelj Terry Zink Windows Defender Microsoft IT Information
    [Show full text]
  • Open Session IICSA Inquiry - Internet Hearing 14 May 2019
    Open Session IICSA Inquiry - Internet Hearing 14 May 2019 1 Tuesday, 14 May 2019 1 to ask you a little bit about your two children, 2 (10.30 am) 2 starting with your daughter, please, and at 3 (In Open Session) 3 paragraph 20, chair, in the witness statement. 4 THE CHAIR: Good morning, everyone, and welcome to Day 2 of 4 IN-H1, is this right? That, sadly, your daughter, 5 this two-week public hearing. 5 when she was younger, aged 5, was sexually abused 6 Ms Carey? 6 herself at that age? 7 MS CAREY: Thank you, chair. We're firstly going to hear 7 A. She was. 8 this morning from IN-H1. I ask that she now be sworn, 8 Q. I think it happened at a time when you were away for 9 please. 9 a week and it was whilst you were away that the abuse 10 WITNESS IN-H1 (affirmed) 10 happened? 11 (Evidence given via videolink) 11 A. It did. 12 Examination by MS CAREY 12 Q. I think the person that did that was arrested but 13 MS CAREY: IN-H1, good morning. I'm going to ask you some 13 nothing further happened to him; is that right? 14 questions, please, about your witness statement that 14 A. Yes, that's true. 15 I hope you have in front of you. 15 Q. And as well as dealing with that, your daughter was 16 A. I do. 16 bullied at school, she became a little bit of a bully, 17 Q.
    [Show full text]
  • Yahoo Messenger Error Code 7 Softpedia
    Yahoo Messenger Error Code 7 Softpedia Available now for Linux, Mac OS X, and Microsoft Windows. Mozilla Thunderbird 38.0 Arrives with GMail OAuth2 and Yahoo Messenger Support. DESKTOP Windows Messenger, Google Talk, ICQ, Skype), but it can also directly access social with red highlights), or change font to code style (which is especially useful if you're trying There are tons of emoticons you can play with (smiley faces, objects and symbols), and some of them are compatible with Yahoo! Clear Yahoo Messenger cache in Windows. Caution: These steps apply to 32-bit and 64-bit versions of Windows XP, Windows Vista, Windows 7, and Windows. ManyCam also allows you to broadcast four video windows simultaneously or picture in picture video. wont finish downloading, gets stuck everytime and Im on an i7 the exe file runs (and I assume pulls more code down from web) Norton says Trojan. Operating Systems, Windows XP/Vista/7/8 Yahoo Messenger. Yahoo! Messenger can be run on various versions of the Windows operating Download Skype 7.1 Offline Installer Latest Version 2015 Download Skype. -Softpedia.com can add not only keystrokes and mouse actions to your scripts but also manage windows, Facebook, Yahoo, AOL, Hotmail So im using this for a game and it works great but theres one issue it doesnt June 19 at 7:32am. Yahoo Messenger Error Code 7 Softpedia >>>CLICK HERE<<< Telegram Desktop is a powerful, cross-platform messenger app that enables iOS (known as Telegram Messenger) and Windows Phone, but also desktop a valid mobile phone number, which is used for generating a security code.
    [Show full text]
  • Microsoft Security Intelligence Report
    Microsoft Security Intelligence Report VOLUME 23 Table of Contents Foreword...............................................................................................III Section 3: Wrestling ransomware............................................29 Analysis and explanation................................................................................30 Executive Summary........................................................................IV Solutions and recommendations.................................................................34 Section 1: Breaking botnets.........................................................5 Additional noteworthy threat intelligence.........................36 Analysis and explanation.................................................................................6 Cloud threat intelligence................................................................................37 Solutions and recommendations...............................................................14 Endpoint threat intelligence..........................................................................41 Section 2: Hackers turning to easy marks..........................15 Conclusion............................................................................................52 Social engineering...........................................................................................16 Analysis and explanation...............................................................17 Authors and Contributors...........................................................53
    [Show full text]
  • Microsoft Security Intelligence Report
    Microsoft Security Intelligence Report Volume 12 July through December, 2011 www.microsoft.com/sir Microsoft Security Intelligence Report This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT. This document is provided “as-is.” Information and views expressed in this document, including URL and other Internet website references, may change without notice. You bear the risk of using it. Copyright © 2012 Microsoft Corporation. All rights reserved. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. JULY–DECEMBER 2011 i Authors Dennis Batchelder David Felstead Ken Malcolmson Tim Rains Microsoft Protection Bing Microsoft Trustworthy Microsoft Trustworthy Technologies Computing Computing Paul Henry Shah Bawany Wadeware LLC Nam Ng Frank Simorjay Microsoft Windows Safety Microsoft Trustworthy Microsoft Trustworthy Platform Nitin Kumar Goel Computing Computing Microsoft Security Joe Blackbird Response Center Mark Oram Holly Stewart Microsoft Malware Microsoft Trustworthy Microsoft Malware Protection Center Jeff Jones Computing Protection Center Microsoft Trustworthy Eve Blakemore Computing Daryl Pecelj Matt Thomlinson Microsoft Trustworthy Microsoft IT Information Microsoft Trustworthy Computing Jimmy Kuo Security and Risk Computing Microsoft Malware Management Joe Faulhaber Protection Center Scott Wu Microsoft Malware Dave Probert Microsoft Malware Protection Center Marc Lauricella Microsoft
    [Show full text]
  • Software Sites-2010 ALL FULL
    Software Sites-2010 ALL FULL related:http://www.brothersoft.com/ related:http://download.cnet.com/ related:http://www.soft32.com/ related:http://www.freedownloadscenter.com/ related:http://www.filehippo.com/ related:http://www.softpedia.com/ related:http://www.dl4all.com/ related:http://www.topdownloads.net/ related:http://downloads.zdnet.com/ related:http://www.freedownloadmanager.org/ related:http://www.tucows.com/ related:http://www.download3k.com/ related:http://www.bestfreewaredownload.com/ related:http://www.download3000.com/ related:http://www.download3k.com/ related:http://www.123-free-download.com/ related:http://www.download3k.com/ related:http://www.123-free-download.com/ related:http://www.topshareware.com/ related:http://www.freedownloadsplace.com/ related:http://www.freedownloadsplace.com/ related:http://www.download32.com/ related:http://www.sharewareplaza.com/ related:http://www.freewarefiles.com/ related:http://majorgeeks.com/ related:http://www.top4download.com/ http://www.brothersoft.com/ http://download.cnet.com/ http://www.soft32.com/ http://www.freedownloadscenter.com/ http://www.filehippo.com/ http://www.softpedia.com/ http://www.dl4all.com/ http://www.topdownloads.net/ http://downloads.zdnet.com/ http://www.freedownloadmanager.org/ http://www.tucows.com/ http://www.download3k.com/ http://www.bestfreewaredownload.com/ http://www.download3000.com/ http://www.download3k.com/ http://www.123-free-download.com/ http://www.download3k.com/ http://www.123-free-download.com/ http://www.topshareware.com/ http://www.freedownloadsplace.com/ http://www.freedownloadsplace.com/ http://www.download32.com/ http://www.sharewareplaza.com/ http://www.freewarefiles.com/ http://majorgeeks.com/ http://www.top4download.com/ 1. http://download.cnet.com/ 2. http://www.soft32.com/ 3. http://www.freedownloadscenter.com/ 4.
    [Show full text]
  • Surface™ Product Solutions
    Surface Pro Surface Go Surface Laptop Go Surface Laptop Surface Pro X Surface Book Surface™ Product Solutions The Ultimate Accessories to Enhance Security, Productivity and Wellbeing Surface Studio Surface™ Pro Solutions SD7000 Surface™ Pro Docking Station Kensington have worked together with The SD7000 delivers the ultimate Surface™ experience. Built on Microsoft’s proprietary Surface Connect technology, the SD7000 is a Microsoft engineers to develop a powerful docking station allowing users to connect to two external range of officially licensed monitors, USB peripherals and a wired network. Designed for Surface accessories. This means that the product Work upright using the Surface has been designed and tested as a display or angle it flat to assure proper fit and to use as a graphics tablet in function with a Surface Studio mode device, ensuring a great customer experience. K62917EU USB-C™ Gigabit HDMI port Ethernet Combo 3.5mm 4 x Kensington With the optional Locking Kit Audio In/Out USB 3.0 DisplayPort++ Security Slot™ (K62918EU/K63251M) to secure the Surface Pro, the SD7000 offers best- in-class docking Security Solutions Control Solutions Protection Solutions Connectivity Solutions SureTrack™ Dual Wireless Mouse Black - K75298WW | Blue - K75350WW For Surface™ Pro 7 Keyed Cable Lock for Grey - K75351WW | Red - K75352WW BlackBelt™ Rugged Case USB-C ™ to Dual HDMI Adapter Surface™ Pro & Surface™ Go White - K75353WW for Surface™ Pro 7/6/5/4 K38286WW The SureTrack™ mobile mouse tracks on multiple Connect the Surface™ Pro 7 to two HDMI 4K K62044WW K97951WW surfaces (including glass) and offers 2.4GHz, monitors @ 30Hz. Clamps around kickstand to physically secure Bluetooth 3.0 and Bluetooth 5.0 connectivity.
    [Show full text]
  • Automated Malware Analysis Report For
    ID: 396299 Cookbook: urldownload.jbs Time: 09:35:05 Date: 23/04/2021 Version: 31.0.0 Emerald Table of Contents Table of Contents 2 Analysis Report https://us.softpedia-secure- download.com:443/dl/4b98b6dbc02a94c36aff3c7686bdbd31/60813f0d/300818793/drivers/keyboard/sp100907.exe Overview 33 General Information 3 Detection 3 Signatures 3 Classification 3 Startup 3 Malware Configuration 3 Yara Overview 3 Sigma Overview 3 Signature Overview 3 Mitre Att&ck Matrix 4 Behavior Graph 4 Screenshots 5 Thumbnails 5 Antivirus, Machine Learning and Genetic Malware Detection 6 Initial Sample 6 Dropped Files 6 Unpacked PE Files 6 Domains 6 URLs 6 Domains and IPs 7 Contacted Domains 7 URLs from Memory and Binaries 7 Contacted IPs 7 Public 7 General Information 7 Simulations 8 Behavior and APIs 8 Joe Sandbox View / Context 8 IPs 8 Domains 8 ASN 9 JA3 Fingerprints 9 Dropped Files 9 Created / dropped Files 9 Static File Info 9 No static file info 9 Network Behavior 9 Network Port Distribution 10 TCP Packets 10 UDP Packets 10 DNS Queries 11 DNS Answers 11 HTTPS Packets 11 Code Manipulations 11 Statistics 11 Behavior 11 System Behavior 11 Analysis Process: cmd.exe PID: 5548 Parent PID: 2128 11 General 12 File Activities 12 File Created 12 Analysis Process: conhost.exe PID: 5536 Parent PID: 5548 12 General 12 Analysis Process: wget.exe PID: 6028 Parent PID: 5548 12 General 12 File Activities 13 File Created 13 Disassembly 13 Code Analysis 13 Copyright Joe Security LLC 2021 Page 2 of 13 Analysis Report https://us.softpedia-secure-download.co…m:443/dl/4b98b6dbc02a94c36aff3c7686bdbd31/60813f0d/300818793/drivers/keyboard/sp100907.exe
    [Show full text]
  • Bi-Weekly Cybersecurity Rollup
    UNCLASSIFIED October 28, 2016 North Dakota State and Local Intelligence Center Bi-Weekly Cybersecurity Rollup Included in this week’s summary: Click on the Section Header to go directly to that location in the Summary NORTH DAKOTA & REGIONAL (U) Phish Looking to Hook NDSU Community (U) Task force close to finalizing cybersecurity recommendations NATIONAL (U) Locky ransomware accounted for 97 percent of all malicious email attachments (U) Weebly breach affects over 43 million users (U) U.S. calls on automakers to make cyber security a priority INTERNATIONAL (U) Magneto malware hides stolen card data in image files (U) WordPress sites under attack via security flaw in unmaintained plugin (U) Windows zero-day exploited by “FruityArmor” APT group (U) Linux kernel zero-day CVE-2016-5195 patched after being deployed in live attacks (U) Dyn DDoS attack: The aftermath (U) LinkedIn to get Banned in Russia for not Complying with Data Localization Law UNCLASSIFIED UNCLASSIFIED NORTH DAKOTA & REGIONAL (U) Phish Looking to Hook NDSU Community (U) Over 280 North Dakota State email accounts had been compromised by phishing attackers since Tuesday. Students, staff and faculty are mainly being targeted through malicious phishing emails through their NDSU accounts. Examples include false emails saying users may upgrade their email storage space through Help Desk, someone’s cousin needs money or individuals in Africa need money. Source: (U) http://ndsuspectrum.com/phish-looking-to-hook-ndsu-community/ (U) Task force close to finalizing cybersecurity recommendations (U) A state cybersecurity task force is preparing for one last discussion early next month before they sign off on their recommendations in a final report to the governor.
    [Show full text]
  • Computercorner
    By Merle Windler, Thoroughbred Systems, Inc. CCoommppuutteerr CCoo rrnneerr computer is running slowly, it's because it has picked up one of the thousands of annoying, mischievous programs on the Internet. One doesn't have to do something wrong to get into trouble; sometimes just being in the wrong place at the wrong time allows trouble to come in. veryone would E likely agree that it would be foolish to have Being popular has a downside any computer on the Internet without Sometimes the problem is NOT these mischievous antivirus protection software installed. Hundreds of new programs we refer to as a virus, but rather the very viruses and malicious software programs are produced software installed on a computer to protect from them. everyday and are truly a threat to everyone who uses a The most popular and widely used antivirus programs computer, especially everyone tend to be a priority target for the using a computer on the Internet. many bad guys writing software But, sometimes the medicine is The most popular and intended to harm computer systems. worse than the ailment, when Symantec's Norton Antivirus is one of taking the wrong prescription for widely used antivirus these. In their case, to protect against one's needs. What does one do programs tend to be a this, their engineers have designed when the problem IS the antivirus their product to embed their software software or other protective priority target for the during the windows installation. The measures? many bad guys writing very complexity of this can make the Antivirus programs designed to software intended to Norton antivirus installation more help protect us from those who susceptible to corruption.
    [Show full text]