Archive

Archive for December, 2013

10 New Year’s resolutions for your digital devices and your online life

December 31st, 2013

It’s a new year, which means it’s time to resolve to create healthier habits in our daily lives. But we don’t have to stop at just improving our body, mind, and spirit. It’s also a good idea to resolve to keep our PCs, laptops, smartphones, and social networking sites healthy this year.

1. Keep your software up to date. You can help protect against viruses, fraud, and more by keeping your operating system, antivirus software, antispyware software, web browser, and other software updated. Microsoft releases security updates on the second Tuesday of every month. Learn how to get security updates automatically.

2. Create strong passwords, keep them secret, and change them regularly. This is particularly important for those passwords that safeguard your computer, important accounts (like email or Facebook), and sensitive information, like financial and health data. Get more information about creating strong passwords and protecting them.

3. Use antivirus software. If your computer is running Windows 8, you can use the built-in Windows Defender to help you detect and get rid of spyware and other malware. If your computer is running Windows 7, Windows Vista, or Windows XP, Windows Defender removes spyware.

4. Check and adjust your privacy settings. You can participate in the online world and keep your information private. Learn more about how to manage your privacy settings in Windows, Internet Explorer, your Microsoft account, Windows Phone, and more. 

Watch a video about privacy in action (1:19).

5. Teach your children about online safety. Before kids use computers, gaming consoles, or mobile devices, make sure you agree on clear limits, talk about how to keep accounts and passwords secret, and help them stand up to online bullying. If your child got a new device this holiday season, read this checklist for safety tips.

6. Monitor your children’s online behaviors, and continue to talk to them about Internet safety. If your kids are online, it’s important to have regular online safety conversations and to continue to keep track of what they’re doing. For more information, see Age-based guidelines for kids’ Internet use.

7. Upgrade to modern software that provides the latest security technologies and protections. Advanced security technologies in modern operating systems are specifically designed to make it more difficult, more complex, more expensive, and therefore, less appealing to cybercriminals to exploit vulnerabilities. Learn more about how support for Windows XP ends this year.

8. Use SkyDrive to help protect your personal information. Ransomware is a type of malware designed to infiltrate your computer and hold your files (photos, documents, reports, etc.) hostage until you pay the demanded amount of money to a cybercriminal. One of the best ways to protect your files is to back them up using a removable drive or a cloud service like SkyDrive.

9. Explore new tools for PC protection. If you feel comfortable performing more advanced computer tasks, consider downloading the free Enhanced Mitigation Experience Toolkit (EMET), which will make it even more difficult for malicious hackers and cybercriminals to get into your computer.

10. Ignore fake tech support phone calls. Neither Microsoft nor our partners make unsolicited phone calls (also known as cold calls) to charge you for computer security or software fixes. If you receive a suspicious phone call from someone claiming to be from Microsoft, all you have to do is hang up. For more information, see Avoid tech support phone scams.

 

Online safety for kids with new digital devices

December 24th, 2013

We know that lots of kids will be getting new phones, tablets, laptops, gaming systems, and other digital devices this holiday season. If you’re a parent, guardian, or educator, here are some tips for helping kids stay safe.

  • Agree on the rules. Come up with guidelines that work for your family, and post them somewhere at home. Microsoft offers a sample agreement, the Get Game Smart PACT (PDF, 2.16 MB), to help you sort out family rules.

  • Protect their privacy. Teach kids how to keep their accounts private and lock their devices with a PIN or password. Consider disabling the location services on your young child’s devices.

  • Monitor use. Know who your kids are communicating with, what games they’re playing, and what websites or services they’re using. Follow the recommended age limits on games and social networking websites. Set limits that work for your family.

  • Teach your kids to stand up to online bullying. Encourage your kids not to post or text anything that would hurt or embarrass someone. Make sure they know never to make, send, or accept provocative texts, photos, or videos.

For more information, see our new Digital Gift-Giving Checklist.

Download a printable version of the checklist.

Protection metrics – November results

December 24th, 2013

In our October results, we talked about a trio of families related to Win32/Sefnit. Our November results showed progress against Sefnit and the installers and downloaders of Sefnit (Win32/Rotbrow and Win32/Brantall). In comparison to September, active Sefnit infections have been reduced by 82 percent. As with prior months, our rate of incorrect detections also remained low and performance stayed consistent.

(If you want a refresh on the definition of the metrics we use in our monthly results, see our initial post: Our protection metrics – September results.)

For Rotbrow (which, by the way, was also added to the MSRT in December), we saw half the number of active infections in November in comparison to the previous month. Active Brantall infections were reduced by about a fifth, month over month.

A relatively new family, Win32/Wysotot, was added to our realtime protection products at the end of October and impacted 0.002 percent of our customer base in November. It had a moderate impact (although much smaller in comparison to the Sefnit trio), but went into decline later in the month. Wysotot is typically installed on your computer through software bundlers that advertise free software or games. It redirects you to another website when you open certain browsers through a shortcut file. It can also download other software, run and kill processes on your computer, and send the status of your security software to a command and control (C&C) server.

The VBS/Jenxcus family had a similar impact, but, contrary to Wysotot, hasn't declined. This worm uses shortcut links to propagate, but also is often downloaded online or through torrents. It also has the capability to spread through removable drives, so if your computer's infected with Jenxcus, make sure you also scan any removable drives you've used recently with an antivirus product. More on Jenxcus next month.

Also, considering the recent action against the Sirefef family, we will have a few interesting trends to report next month. Stay tuned for that update in the new year.

In the meantime, make sure your antivirus solution is up to date. If you're running Windows 8, Windows Defender helps protect you against malware; if you're running Windows 7 and earlier, you can install Microsoft Security Essentials.

Holly Stewart

MMPC

Categories: Protection metrics, Rotbrow, Sefnit Tags:

Turkey: Understanding high malware encounter rates in SIRv15

December 23rd, 2013

In our most recent version of the Security Intelligence Report (SIRv15), we compared the encounter rates of malware categories for the top 10 countries with computers reporting the most detections in 2Q13. Amongst these countries, Turkey stood out with considerably high encounter rates in multiple categories. Encounter rate is the percentage of computers in a country that reported at least one detection of malware.

Figure 1. Threat category prevalence worldwide and in the 10 locations with the most computers reporting detections in 2Q13. Totals for each location may exceed 100 percent because some computers reported threats from more than one category.

If you examine the above table carefully, Turkey's encounter rates for miscellaneous trojans, worms, exploits, and trojan downloaders and droppers are at least 18 percent greater than those of the next highest country in this list. Our research here is focused on examining contributing factors to the higher rate.

Miscellaneous trojans are malware that are self-contained and do not self-replicate. Worms, on the other hand, are defined as malware that send copies of themselves through various communication mechanisms. Exploits include malware that take advantage of software vulnerabilities, and trojan downloaders and droppers are trojans that download or drop other malware onto computers they have already infected. The high encounter rates across a wide range of malware types in an isolated region suggest that Turkey may have been targeted by online criminals.

Targeted encounter rate

To go about investigating this hypothesis, a definition of targeted is necessary. For this research, we define a family as targeted if at least 80 percent of the infected computers are located in a single country. Subsequently, we can update the original definition of encounter rate for this problem. Targeted encounter rate is the percentage of computers that reported at least one detection of a targeted malware family.
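The two definitions above, worked through on a small constructed data set (an added example, not code from the SIR or the original post). The record layout, the placeholder family names, and the per-country computer counts used as the denominator are assumptions, as is counting every targeted family a computer reports regardless of which country that family targets.

```python
from collections import defaultdict

TARGETED_SHARE_PCT = 80  # the post's threshold: >= 80% of infected computers in one country

# Constructed sample telemetry: (machine_id, country, family, category).
# Family names are placeholders, not real detections.
DETECTIONS = [
    ("t1", "TR", "FamA", "worms"),
    ("t1", "TR", "FamA", "worms"),  # repeat report from the same computer
    ("t2", "TR", "FamA", "worms"),
    ("t3", "TR", "FamA", "worms"),
    ("t4", "TR", "FamA", "worms"),
    ("u1", "US", "FamA", "worms"),
    ("t1", "TR", "FamB", "misc_trojans"),
    ("t5", "TR", "FamB", "misc_trojans"),
    ("u1", "US", "FamB", "misc_trojans"),
    ("u2", "US", "FamB", "misc_trojans"),
    ("b1", "BR", "FamB", "misc_trojans"),
    ("t6", "TR", "FamC", "downloaders_droppers"),
] + [(f"b{i}", "BR", "FamC", "downloaders_droppers") for i in range(1, 6)]

# Assumed denominator: computers reporting telemetry in each country (constructed).
MACHINES_PER_COUNTRY = {"TR": 20, "US": 40, "BR": 25}


def targeted_families(detections, threshold_pct=TARGETED_SHARE_PCT):
    """Map each targeted family to the country holding >= threshold_pct of its infected computers."""
    infected = defaultdict(lambda: defaultdict(set))  # family -> country -> machine ids
    for machine, country, family, _category in detections:
        infected[family][country].add(machine)

    targeted = {}
    for family, by_country in infected.items():
        total = sum(len(machines) for machines in by_country.values())
        country, machines = max(by_country.items(), key=lambda kv: len(kv[1]))
        # Integer comparison avoids floating-point trouble exactly at the 80% boundary.
        if len(machines) * 100 >= threshold_pct * total:
            targeted[family] = country
    return targeted


def encounter_rates(detections, machines_per_country, families=None):
    """Percent of each country's computers with at least one detection, per category.

    With families=None this is the plain encounter rate; passing the set of
    targeted families gives the targeted encounter rate.
    """
    hit = defaultdict(lambda: defaultdict(set))  # country -> category -> machine ids
    for machine, country, family, category in detections:
        if families is None or family in families:
            hit[country][category].add(machine)  # sets count each computer once
    return {
        country: {
            category: 100.0 * len(machines) / machines_per_country[country]
            for category, machines in categories.items()
        }
        for country, categories in hit.items()
    }


if __name__ == "__main__":
    targeted = targeted_families(DETECTIONS)
    print("targeted families:", targeted)
    print("encounter rate:", encounter_rates(DETECTIONS, MACHINES_PER_COUNTRY))
    print("targeted encounter rate:",
          encounter_rates(DETECTIONS, MACHINES_PER_COUNTRY, set(targeted)))
```

Computer t1 appears under two categories, which is why per-location totals across categories can exceed the share of computers that reported anything at all.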

Figure 2. Targeted encounter rate in the 10 locations with the most computers reporting detections in 2Q13. Totals for each location may exceed 100 percent because some computers reported threats from more than one category.

Turkey has experienced extremely high targeted encounter rates in miscellaneous trojans, trojan downloaders and droppers, and worms, when compared to the other top regions/countries. Running an updated real-time antimalware solution is highly recommended for computers in any region seeing increases in these malware category types. For further information, see Running Unprotected, a deep dive into this topic in SIRv14.

Further investigation into the top targeted families in Turkey can give us more concrete evidence of targeting.

Figure 3. Machine count inside and outside Turkey for the top five targeted families in Turkey.

Top targeted families

Each of the top targeted families uses the Turkish language in some aspect. Kilim and Reksner both use social media outlets, such as Facebook and Twitter, for infection. They gain access to user accounts and post false advertisements and malicious links in Turkish to continue spreading. Murkados hides its presence by setting the homepage of a Chrome browser, which it has modified, to the Turkish Google search webpage. Truado redirects user traffic between various Turkish websites. Preflayer uses a fake Adobe installer in Turkish to trick users and infect computers. All of these families leverage the Turkish language as their basis for attack, rather than focusing on attacking Turkey-based computers. There are also hints of various Turkish words in the source code, suggesting that the malware might be authored by local attackers.

Language targeting is not uncommon; many families specifically target languages, as we have seen above and in the Security Intelligence Report. A quick look at the Turkish language shows that most people who read websites in Turkish live in Turkey. So, malware authors targeting Turkey might just be an unintentional consequence of trying to infect the population of Turkish computer users.

From this data, we can confidently conclude that Turkey was indeed targeted by malware authors through language targeting. Social engineering, used by all families discussed above, is a method that online criminals use to trick users into performing actions or divulging confidential information, to gain access to their computers or hide the presence of malicious behavior. Social engineering can occur in any language that is used on computers, commonly using email, web or telephone scams. Using a language that is less prevalent does not exclude you from the dangers of malware.

We recommend commonly known protective measures, no matter what language you use. If you suspect that confidential information has been stolen by a social engineering attack that a computer user may have responded to, take a few steps to protect data, such as:

  • Change passwords or PINs on all compromised accounts.
  • Place a fraud alert on credit reports.
  • Do not follow the links in fraudulent email messages, and be similarly wary of files on portable flash drives.
  • Review bank and credit card statements monthly for unexplained charges or inquiries.
 

We recommend that IT professionals follow best practices in security risk management, including:

  • Using Group Policy to enforce configuration for Windows Update and the SmartScreen filter.
  • Using Network Access Protection (NAP) and DirectAccess (DA) to enforce compliance policies for firewall, antimalware, and patch management on remote systems connecting to the corporate network.
  • Implementing a strong security awareness program for their enterprise to prevent malware and potentially unwanted software.

You can learn about Microsoft's own best practices in Malware at Microsoft: Dealing with threats in the Microsoft environment.

For additional guidelines we recommend for consumers and enterprises to leverage to protect computers from social engineering attacks:

Kevin Yeo

MMPC

Categories: Uncategorized Tags:

Summary of 2013

December 23rd, 2013

Christmas and New Year are just around the corner, and it is time to look back on the year that has passed. For me personally, 2013 is the first full year I have worked at Microsoft, and it has been incredibly intense and fun. I am constantly impressed by our knowledgeable colleagues, smart services, and good-looking devices.

It has also been an eventful and launch-intensive year for Microsoft. During 2013 we launched four versions of Surface on the Swedish market. Surface RT and Surface Pro met with success during the spring. During the autumn we advanced our positions further with Surface 2 and Surface Pro 2, at the same time as Windows 8 passed 100 million users.

One of the world's most used and appreciated services, Office, was also presented in a new version during the year. With Office 365 we took the full step toward making Office adapted for the cloud. Many have already moved there, and more are on the way. We continued to work for a more flexible view of work and arranged Jobba Hemma-dagen (Work From Home Day) for the second time, and more than 140 companies backed the initiative, which received great attention throughout Sweden.

It was also the year when fraudsters claimed to be calling from Microsoft and deceived people across the country. We continue to work hard to inform and warn our users. If you or someone you know has been affected, read our blog post.

It was also the year when Hotmail was improved and changed its name to Outlook. SkyDrive passed 250 million users. Yammer marked one year as part of Microsoft. Lync, Dynamics, and SQL Server advanced their positions at Swedish companies. Jonas Persson became the new CEO of Microsoft Sweden, and Steve Ballmer announced his departure as global CEO of Microsoft. Windows Phone gained market share. Skype continued to grow. The collaboration with Nokia deepened further. Windows 8 became Windows 8.1. Microsoft was named Sweden's best workplace for the third year in a row by Great Place to Work, and Xbox One was presented to the world.

And this is only a small part of everything we have done during the year.

I want to wish you all a very merry Christmas and a happy New Year. 2014 looks set to be an exciting year in a great many ways.

Jenny Spets Wojarski 

Categories: Microsoft Tags:

Microsoft Security Intelligence Report desktop application updated with over 750 pages of data

December 20th, 2013

A few months ago we launched the Microsoft Security Intelligence Report (SIR) application that was designed to provide customers with an enhanced way to access the vast amount of threat intelligence contained in the SIR. The SIR app makes it easy to find, copy and share data from the Microsoft Security Intelligence Report. The SIR app runs on Windows 7 and Windows 8 based systems.

Weekend Reading: Dec. 20th Edition–‘Biggest holiday season yet’ for Windows Phone and Windows Store apps

December 20th, 2013

In this edition of Weekend Reading, we’ve got stories on the momentum building behind Windows Store and Windows Phone Store app downloads, how Bing broke out of the (search) box in 2013 and a Microsoft researcher who uses data to power his predictions.

Buoyed by new gift cards and other promotions, as well as the “biggest holiday season yet,” app development for the Windows Phone Store and Windows Store is going strong. “We’re already seeing momentum build with the (Windows) Store surpassing 12 million transactions per day and Windows Phone Store surpassing 200,000 apps,” writes Todd Brix on the Windows Phone Developers Blog, who encouraged developers to finish and update apps to meet these demands. “Taking into consideration the Microsoft and partner promotions and consumer purchase of Microsoft and Xbox gift cards in retail locations, we are forecasting over $100 million to be available for consumers to buy apps and games this holiday season across 100 retailers in 41 markets.” Some apps and games we highlighted this week include the NORAD Tracks Santa apps, the Staff App Pick: American Airlines and LiveATC, the Amtrak app, Phriz.be, the Gameloft Games collection, “Girls Like Robots,” “Subway Surfers,” “Nemo’s Reef,” Zinio, “Avengers Alliance,” Viber, “Catan” and “Riptide GP2.” To show that you don’t have to be a professional developer to get in on the action, small business owner Holly Shore created her mobile app within hours with Windows Phone App Studio.

In 2013, Bing broke out of the search box. It evolved to power a wider range of services and devices than ever, from voice search in Xbox One to Siri’s Web search results. In Windows 8.1, you can use the Search Charm to explore your files, Web results and more with a single query. Third-party developers can now benefit from Bing technology, including optical character recognition, translation, maps and voice controls, using the new Bing Developer Center. These are just some of the many ways Bing redefined search in this breakout year. You can also check out this infographic for some surprising 2013 stats.

Microsoft researcher David Rothschild is legendary for his ability to literally predict the future using a unique and rigorous approach to data analysis. He correctly called the results of the 2012 presidential election in every state but one. He nailed 19 of the 24 Oscar categories this past year. And he’s constantly pushing the boundaries of predictive science through experimental live polling, online prediction games and more. In this interview, David Rothschild tells you what to expect in 2014, breaks down his forecasting philosophy, and explains why you should trust professional gamblers more than cable news pundits.

On Wednesday, University of Colorado Health (UCHealth), one of the state’s largest healthcare providers, announced its migration to Microsoft Office 365. This decision was made in large part due to Microsoft’s long-standing commitment to data security and privacy and because the company supports HIPAA requirements beyond what other vendors provide. Microsoft was the first major IT cloud provider to offer a comprehensive, peer-reviewed Business Associate Agreement (BAA) for all of its customers. The BAA, and its subsequent updates to reflect new product offerings and changes in the law, has been widely accepted within the industry as a best practice, and has helped Microsoft establish itself as a trusted healthcare data steward.

Consumers found big savings on Xbox 360 games, add-ons, avatars and more with the “Countdown to 2014” daily deals from the Xbox Game Store that began Tuesday, Dec. 17. In addition to those great deals, we saw the debut of the Xbox Video and Xbox Music apps in the Windows Phone Store. Windows Phone 8 is the only phone that offers Xbox Video support this holiday season, which means you can buy and download favorite movies and TV shows from the Xbox Video service and watch them wherever you go. Use your Xbox Music Pass to stream from a catalog of tens of millions of songs using the Xbox Music service. Also, you can use the Verizon FiOS TV app now on Xbox One and Snap View to watch two programs at the same time.

This week on the Microsoft Facebook page, we helped out last-minute shoppers with eight tech gifts that won’t break the bank and five no-stress downloadable gifts.

Thanks for stopping by this edition of Weekend Reading. Happy holidays, wherever you are!

Posted by Athima Chansanchai
Microsoft News Center Staff

MS13-096 – Critical : Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution (2908005) – Version: 1.2

Severity Rating: Critical
Revision Note: V1.2 (December 20, 2013): Revised the "Based on the configuration of my system, how do I know if my system is affected?" Update FAQ to include the updates that are applicable for each configuration. This is an informational change only.
Summary: This security update resolves a publicly disclosed vulnerability in Microsoft Windows, Microsoft Office, and Microsoft Lync. The vulnerability could allow remote code execution if a user views content that contains specially crafted TIFF files.

Categories: Uncategorized Tags:

Microsoft’s Perspective on the NIST Preliminary Cybersecurity Framework: Four Recommendations for the Final Stages of Development

December 19th, 2013

Last week, Microsoft filed comments with the National Institute of Standards and Technology (NIST) on the Preliminary Cybersecurity Framework, which can be read here. I wanted to share a summary of our perspective on the Framework, as well as our recommendations to NIST as they continue development for final publication in February 2014. These comments are a continuation of our efforts to encourage thoughtful consideration of the Framework through convening events at our Innovation and Policy Center, participating in NIST’s Framework workshops, and delivering prior comments on the Framework and recommendations for incentives for its adoption.

Updates: Coreinfo v3.21, Disk2vhd v2.0, LiveKd v5.31

December 19th, 2013

Coreinfo v3.21: CoreInfo is a command-line tool for reporting processor topology, NUMA performance, and processor features. The v3.21 release adds microcode reporting.

Disk2vhd v2.0: Disk2vhd, a utility for performing physical-to-virtual conversion of Windows systems, adds support for VHDX-formatted VHDs (thanks to Brendan Gruber for contributions), now supports WinRE volumes, can capture removable media, and includes an option to capture live volumes instead of relying on volume shadow copy (VSS).

LiveKd v5.31: LiveKd is a utility for performing live kernel debugging of native systems and virtual machines from the host operating system. This release fixes a debugger help library search bug and fixes a bug in Windows 8/Windows Server 2012 mirror dump support.

Categories: Coreinfo, Disk2vhd, LiveKd Tags:

Microsoft celebrates 83 retail stores in 2013 with more on the way

December 19th, 2013

The following post is from Jonathan Adashek, General Manager, Communications Strategy, Sales & Marketing Services Group, Microsoft. It was originally published on The Fire Hose.


It’s been another significant year for Microsoft retail stores, and we’re proud to continue to offer our customers the choice, value and service they have come to expect from our stores. Over the past 12 months, we opened 35 stores and now have 83 full-line and specialty stores open across North America. We have welcomed more than 362 million customers to our full-line, specialty and online Microsoft Store properties in more than 200 markets worldwide.

This year the Microsoft retail stores played an exciting role in showcasing the next generation of devices and services including, the Nokia Lumia 1020 and 1520 Windows Phones, Surface 2, Xbox One, Office 365 and Windows 8.1 laptops, ultrabooks, convertibles and all-in-ones. Our store teams continued the momentum by creating special opportunities for our customers to learn about the future of technology through a variety of events and workshops, including free summer camps, first looks at the MakerBot 3D printer, midnight product launches for Surface 2 and Xbox One, as well as workshops demonstrating new ways to create holiday gifts using technology.

At every Microsoft retail store, our top priority is to provide great customer service by engaging each customer about how technology can enable their full potential. That’s why at the heart of the Microsoft retail stores is the Answer Desk, where our store associates offer free services and support on all software and hardware regardless of brand or where it was purchased.

In addition, our store associates remain committed to making a difference within their communities through collaboration with local community organizations, volunteer work and in-store workshops and events. Whether an organization is interested in tech training or a customer wants to celebrate their child’s birthday, our theater space remains free to use for the local community.

While this year was an exciting year for the Microsoft retail stores, we are committed to pushing forward and building more individual relationships with our customers. Therefore, we’re thrilled to start off the New Year by announcing the locations of our first three new stores for 2014:

· Square One Shopping Centre, Mississauga, Ontario, Canada
· Westfarms, Farmington, Conn.
· Westfield Garden State Plaza, Paramus, N.J.

We will continue to extend a majority of our specialty store locations into the New Year, while also transitioning some of those specialty stores into permanent full-line stores given the great success we’ve had with them.

Here’s to a happy New Year and good shopping in 2014!

Categories: Microsoft Stores Tags:

ZeroAccess criminals wave white flag: The impact of partnerships on cybercrime

December 19th, 2013

The following is a post from Richard Domingues Boscovich, Assistant General Counsel, Microsoft Digital Crimes Unit.


Two weeks after Microsoft filed its civil case in the U.S. District Court for the Western District of Texas against the notorious Sirefef botnet, also known as ZeroAccess, I am pleased to report that our disruption effort has been successful, and it appears that the criminals have abandoned their botnet. As a result, last week Microsoft requested that the court close the civil case in order to allow law enforcement to continue their investigative efforts in the matter.

As stated at the outset of this disruption effort, Microsoft and its partners did not expect to fully eliminate the ZeroAccess botnet because of the complexity of the threat. Rather, our focus was to protect people by cleaning the computers infected with the malware so they could no longer be used for harm. As we expected, less than 24 hours after our disruptive action, the cybercriminals pushed out new instructions to the ZeroAccess-infected computers in order to continue their fraud schemes. However, because we were monitoring their actions and able to identify new Internet Protocol (IP) addresses the criminals were using to commit their crimes, Europol’s European Cybercrime Centre (EC3) took immediate action to coordinate with member country law enforcement agencies, led by Germany’s Bundeskriminalamt’s (BKA) Cyber Intelligence Unit, to quickly track down those new fraud IP addresses.

After BKA’s quick response, the bot-herders released one additional update to the infected computers that included the message “WHITE FLAG,” which we believe symbolizes that the criminals have decided to surrender control of the botnet. Since that time, we have not seen any additional attempts by the bot-herders to release new code and as a result, the botnet is currently no longer being used to commit fraud.

The cybercriminals’ decision to halt their activities underscores how effective partnerships are in the fight against cybercrime. Microsoft’s partnership with EC3 was crucial to the success of this disruption. In turn, EC3’s coordination with member-state law enforcement agencies like BKA in Germany and the National Hi Tech Crime Units from the Netherlands, Latvia, Switzerland and Luxembourg demonstrates the need for international cross-jurisdictional cooperation at a speed equal to the criminal cyber threats affecting people globally.

We would like to thank all of our partners for their work to combat the ZeroAccess botnet. Microsoft is committed to protecting the public from cyber threats, and trustworthy partnership with the research and law-enforcement community is a critical component of this. We will continue to work closely with the security community globally in disruptive actions that help protect our customers and put cybercriminals out of business.

Now that Microsoft has closed the civil case, and law enforcement continues their criminal investigations to pursue the individuals behind the botnet, we must continue to focus our efforts on working with ecosystem partners around the world to notify people if their computer is infected.

As we originally shared, ZeroAccess is very sophisticated malware, and it actually blocks attempts to remove it, so we recommend that people visit http://support.microsoft.com/botnets for detailed instructions on how to clean their computers.

ZeroAccess was the first botnet operation completed since Microsoft opened the Cybercrime Center in November. The Cybercrime Center, which combines Microsoft’s legal and technical expertise with cutting-edge tools and technology to fight cybercrime, enables DCU to more effectively work with partners to fight cybercrime. I am confident you’ll hear of additional important work coming out of the Center in the months ahead.

To stay up to date on the latest developments on the fight against cybercrime, follow the Microsoft Digital Crimes Unit on Facebook and Twitter.

Categories: botnets, Digital Crimes Unit

Online safety tips for travelers

December 19th, 2013

If you’re travelling this holiday season and you plan to be online, here are a few ways to protect yourself and your family:

Get more mobile and wireless tips.

Windows 8 games for the Christmas holidays

December 19th, 2013

With games from G5 Entertainment for Windows 8/8.1, the whole family can take a well-deserved break from the Christmas stress. Build your dream city, solve mysteries in enchanted paintings, or play classic Mahjong. Whatever appeals to you, you are treated to mystery, adventure, and brain teasers.

"G5 Entertainment has many games for Windows 8 that suit the whole family and are perfect to play during the Christmas holidays. With board games, puzzles, problem solving under time pressure, and adventure, G5 has games to suit everyone," says Larissa Corcoran, marketing manager at G5 Entertainment.

Lost Souls: Enchanted Paintings



Bella's life is turned upside down when a mysterious painting suddenly appears outside her door. The same day, her son disappears without a trace. In Lost Souls: Enchanted Paintings, you follow Bella on a magical adventure through enchanted paintings and get to exercise your brain to solve the game's puzzle-like problems.

Price: Free

Download Enchanted Paintings here

Virtual City Playground

In Virtual City Playground, you get the chance to build your dream city. After that, it is up to you to run the city. That means you are the one who has to make sure there is working public transport, that the garbage is collected, and that healthcare functions. It is simply up to you to make sure the residents are happy in your city.

Price: Free

Download Virtual City Playground here

Mahjong Artifacts

Take a break from the Christmas stress and let the atmosphere of ancient civilizations in Mahjong Artifacts calm you down. The game gives you bonus points depending on how skillfully you solve the different boards, and you can also collect trophies for various achievements. The game also includes twists in the form of special tiles that give you new conditions for solving the problems you face.

Price: 55,00 SEK

Download Mahjong Artifacts here

Categories: apps, Windows 8, Windows 8.1

Enterprise Threat Encounters: Scenarios and Recommendations – Part 1

Many of the IT professionals who contact our customer service and support group have common questions about security incidents and are seeking guidance on how to mitigate threats from determined adversaries. Given the level of interest in this information and the common scenarios that exist among different organizations, we are publishing a multi-part series that details common security incidents organizations face and provides recommended mitigations based on guidance from our Security Support team.

It is important to note that each phase has one or more technical and, more importantly, administrative controls that could have been used to block or slow down the attack. These mitigations are listed after each phase.  Each mitigation addresses specific behaviors and attack vectors that have been seen previously in multiple security incidents. Read more.


MS13-075 – Important : Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege (2878687) – Version: 1.1

Severity Rating: Important
Revision Note: V1.1 (December 18, 2013): Clarified that only implementations of Microsoft Pinyin IME 2010 are affected by the vulnerability. However, this update may be offered to systems with a non-vulnerable IME. This helps to maintain consistency for shared files across Office products. For more information, see the Update FAQ.
Summary: This security update resolves a privately reported vulnerability in Microsoft Office IME (Chinese). The vulnerability could allow elevation of privilege if a logged-on attacker launches Internet Explorer from the toolbar in Microsoft Pinyin IME for Simplified Chinese. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. Only implementations of Microsoft Pinyin IME 2010 are affected by this vulnerability. Other versions of Simplified Chinese IME and other implementations of IME are not affected.
