Updated Microsoft Malicious Software Removal Tool (March, 2006)
Microsoft has updated their malware removal tool. This is a tool that runs at Windows Update time and can also be downloaded and run on-demand. It is not a continual defense, unlike most AV products. Updates for March, 2006, include:
Source: Malicious Software Removal Tool, updated March 14, 2006.
Updated Microsoft Malware Removal Tool (Jan, 2006)It's Patch Tuesday, and that means that Microsoft has updated their Malware Removal Tool. Detection this month focuses on some of the more prolific but "beneath the radar" malware: listed on the website. The team responsible for the product are also blogging their work.
Updated Windows Defender Tool (Nov, 2005)
It's "patch Tuesday", the day when Microsoft releases their monthly patches (in this case, one fixup for November, 2005), and they also release updates to their malware removal tool. It now has a new name, too, Windows Defender, signifying it's larger purpose. The new families detected by this latest update to Windows Defender:
You can see the full list of families detected by the tool on the Microsoft website Families Cleaned by the Malicious Software Removal Tool. Remember, keep your AV policies current, always make sure you have the latest tool for the newest malware, and check on their sites for updates. You wont detect new threats with out of date tools.
Update: As noted in comments, the malicious software removal tool has not been renamed. I guess I'll still call it the MSRT in future posts.
MS Malware Tool Updated (October, 2005)Microsoft has updated the malware removal tool they wrote and maintain for October, 2005. The new malware entities they detect are:
As always, make sure you get the latest version from Microsoft. The number of families they detect and clean up is always growing.
Updated MS Malware Removal Tool (Sept. 2005)
Microsoft has updated their Malware Removal Tool for September, 2005. The new families of malware detected are:
If you're building an incident response kit, this is a worthwhile tool to have on hand. It's not a substitute for a full AV tool, but it's a fast "first pass".
If you've come to this page via a web search, make sure you download the latest update of the tool. Microsoft updates it every month.
Updated Microsoft Malware Removal Tool (August, 2005)
This past "patch Tuesday" Microsoft released an updated malware removal tool. This month adds:
You can view the tool's details online or run it from their website for your Windows system on the Microsoft Malware Removal Tool Homepage. As always, this tool is not a replacement for AV scanners and is only a relatively fast acting tool for some popular malware. Not all variants are caught.
Microsoft Malware Removal Tool Updates (July, 2005)Microsoft has updated their Malware Removal Tool with new virus, worm and malware definitions for July, 2005. New this month are: download now.
Updated Microsoft Malware Removal Tool (June, 2005)
Microsoft has updated their malware removal tool. Yesterday was patch Tuesday at Microsoft, meaning updates to the tool were also included. This month the updates include:
- Spybot, the multi-headed family of worms that has thousands of variants by now
- Kelvir, an MSN Messenger worm
- Mytob, another mass mailer worm with various capabilities
- Lovgate, a mass mailer worm family.
Updated Microsoft Malware Removal Tool
Microsoft has updated their Malware Removal Tool for May, 2005. Here's the quick overview from the Microsoft download site for the tool:
The Microsoft Windows Malicious Software Removal Tool checks Windows XP, Windows 2000, and Windows Server 2003 computers for and helps remove infections by specific, prevalent malicious software—including Blaster, Sasser, and Mydoom. When the detection and removal process is complete, the tool displays a report describing the outcome, including which, if any, malicious software was detected and removed. The tool creates a log file named mrt.log in the %WINDIR%\debug folder.
This tool is not a replacement for an anti-virus product. To help protect your computer, you should use an anti-virus product
There is one new threats listed on the Knowledge Base Article regarding the tool, and the updated download page says the following addition was made:
As always, a useful tool to keep in your arsenal to supplement spyware detection tools, AV updates, and the like.
In Depth Bagle Analysis
Jason Gordon, who runs the Infection Vectors website (a great complement to Wormblog, by the way), has written an in depth analysis of the Bagle worm. This is a good continuation of the writeup posted yesterday from Kaspersky Labs.
Beagle.A was discovered in late January 2004 and was an immediate success, spreading across the globe with a very simple infection strategy: just sending the worm as an attachment to a plain email message. Over the course of the spring, Beagle ran up over two dozen variants and thousands of compromised hosts.
Infectionvectors has published two in-depth reviews of Beagle and its development history, for details and commentary on the worm, see the first report, part two, and part three.
Beagle returned from a brief hiatus in early July 2004 with variants that attacked Internet hosts with a renewed ferocity. With even more success than previous versions, Beagle.X, AA, AB, and AO made special imprints on clients around the world, turning them into mail relaying robots.
Source: Beagle Alert, published on infectionvectors.com in March, 2005.