Updates

2025-05-16 15:27:22 +00:00 · 2018-08-14 13:29:27 -07:00 · 2018-08-14 13:29:27 -07:00 · a3587c3d8a
commit a3587c3d8a
parent 79d514c324
10 changed files with 51 additions and 48 deletions
--- a/windows/security/intelligence/TOC.md
+++ b/windows/security/intelligence/TOC.md
@ -16,11 +16,11 @@

 ## [Rootkits](rootkits-malware.md)

-## [Supply chain](supply-chain-malware.md)
+## [Supply chain attacks](supply-chain-malware.md)

 ## [Tech support scams](support-scams.md)

-## [Trojan malware](trojans-malware.md)
+## [Trojans](trojans-malware.md)

 ## [Unwanted software](unwanted-software.md)

--- a/windows/security/intelligence/index.md
+++ b/windows/security/intelligence/index.md
@ -30,7 +30,7 @@ There are many types of malware, including:
 - [Rootkits](rootkits-malware.md)
 - [Supply chain attacks](supply-chain-malware.md)
 - [Tech support scams](support-scams.md)
- [Trojan Malware](trojans-malware.md)
+- [Trojans](trojans-malware.md)
 - [Unwanted software](unwanted-software.md)
 - [Worms](worms-malware.md)

--- a/windows/security/intelligence/phishing.md
+++ b/windows/security/intelligence/phishing.md
@ -108,7 +108,7 @@ For more information, download and read this Microsoft [e-book on preventing soc

 ### Software solutions for organizations

-* [Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy/index) and [Windows Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview) offer protection from the increasing threat of targeted attacks using Microsoft's industry leading Hyper-V virtualization technology. If a browsed website is deemed untrusted, the Hyper-V container will isolate that PC from the rest of your network thereby preventing access to your enterprise data.
+* [Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy/index) and [Windows Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview) offer protection from the increasing threat of targeted attacks using Microsoft's industry leading Hyper-V virtualization technology. If a browsed website is deemed untrusted, the Hyper-V container will isolate that device from the rest of your network thereby preventing access to your enterprise data.

 * [Microsoft Exchange Online Protection (EOP)](https://products.office.com/exchange/exchange-email-security-spam-protection) offers enterprise-class reliability and protection against spam and malware, while maintaining access to email during and after emergencies.  Using various layers of filtering, EOP can provide different controls for spam filtering, such as bulk mail controls and international spam, that will further enhance your protection services.

--- a/windows/security/intelligence/prevent-malware-infection.md
+++ b/windows/security/intelligence/prevent-malware-infection.md
@ -32,7 +32,7 @@ For more information, see [Phishing](phishing.md).

 ## Watch out for malicious or compromised websites

-By visiting malicious or compromised sites, your PC can get infected with malware automatically or you can get tricked into downloading and installing malware.  See [exploits and exploit kits](exploits-malware.md) as an example of how some of these sites can automatically install malware to visiting computers.
+By visiting malicious or compromised sites, your device can get infected with malware automatically or you can get tricked into downloading and installing malware.  See [exploits and exploit kits](exploits-malware.md) as an example of how some of these sites can automatically install malware to visiting computers.

 To identify potentially harmful websites, keep the following in mind:

@ -46,7 +46,7 @@ If you encounter an unsafe site, click **More […] > Send feedback** on Microso

 ### Pirated material on compromised websites

-Using pirated content is not only illegal, it can also expose your PC to malware. Sites that offer pirated software and media are also often used to distribute malware when the site is visited. Sometimes pirated software is bundled with malware and other unwanted software when downloaded, including intrusive browser plugins and adware.
+Using pirated content is not only illegal, it can also expose your device to malware. Sites that offer pirated software and media are also often used to distribute malware when the site is visited. Sometimes pirated software is bundled with malware and other unwanted software when downloaded, including intrusive browser plugins and adware.

 Users do not openly discuss visits to these sites, so any untoward experience are more likely to stay unreported.

@ -104,11 +104,11 @@ Microsoft provides comprehensive security capabilities that help protect against

 * [Windows Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection) provides comprehensive endpoint protection, detection, and response capabilities to help prevent ransomware. In the event of a breach, Windows Defender ATP alerts security operations teams about suspicious activities and automatically attempts to resolve the problem. This includes alerts for suspicious PowerShell commands, connecting to a TOR website, launching self-replicated copies, and deletion of volume shadow copies. Try Windows Defender ATP free of charge.

-* [Windows Hello for Business](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-identity-verification) replaces passwords with strong two-factor authentication on PCs and mobile devices. This authentication consists of a new type of user credential that is tied to a device and uses a biometric or PIN. It lets user authenticate to an Active Directory or Azure Active Directory account.
+* [Windows Hello for Business](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-identity-verification) replaces passwords with strong two-factor authentication on your devices. This authentication consists of a new type of user credential that is tied to a device and uses a biometric or PIN. It lets user authenticate to an Active Directory or Azure Active Directory account.

 ### Earlier than Windows 10 (not recommended)

-* [Microsoft Security Essentials](https://www.microsoft.com/download/details.aspx?id=5201) provides real-time protection for your home or small business PC that guards against viruses, spyware, and other malicious software.
+* [Microsoft Security Essentials](https://www.microsoft.com/download/details.aspx?id=5201) provides real-time protection for your home or small business device that guards against viruses, spyware, and other malicious software.

 ## What to do with a malware infection

--- a/windows/security/intelligence/rootkits-malware.md
+++ b/windows/security/intelligence/rootkits-malware.md
@ -12,13 +12,13 @@ ms.date: 08/01/2018
 ---
 # Rootkits

-Malware authors use rootkits to hide malware on your device, allowing malware to persist on your device as long as possible. A successful rootkit can potentially remain in place for years if it is undetected. During this time it will steal information and resources from your PC.
+Malware authors use rootkits to hide malware on your device, allowing malware to persist as long as possible. A successful rootkit can potentially remain in place for years if it is undetected. During this time it will steal information and resources.

 ## How rootkits work

-Rootkits intercepts and change standard operating system processes. After a rootkit infects a device, you can’t trust any information that device reports about itself.
+Rootkits intercept and change standard operating system processes. After a rootkit infects a device, you can’t trust any information that device reports about itself.

-For example, if you were to ask your PC to list all of the programs that are running, the rootkit might stealthily remove any programs it doesn’t want you to know about. Rootkits are all about hiding things. They want to hide themselves on your PC, and they want to hide malicious activity on your PC.
+For example, if you were to ask a device to list all of the programs that are running, the rootkit might stealthily remove any programs it doesn’t want you to know about. Rootkits are all about hiding things. They want to hide both themselves and their malicious activity on a device.

 Many modern malware families use rootkits to try and avoid detection and removal, including:

@ -46,13 +46,13 @@ Like any other type of malware, the best way to avoid rootkits is to prevent it

 For more general tips, see [prevent malware infection](prevent-malware-infection.md).

-### What if I think I have a rootkit on my PC?
+### What if I think I have a rootkit on my device?

 Microsoft security software includes a number of technologies designed specifically to remove rootkits. If you think you might have a rootkit on your device and your antimalware software isn’t detecting it, you might need an extra tool that lets you boot to a known trusted environment.

-[Windows Defender Offline](http://windows.microsoft.com/windows/what-is-windows-defender-offline) can be launched from Windows Security Center and has the latest anti-malware updates from Microsoft. It’s designed to be used on PCs that aren't working correctly due to a possible malware infection.
+[Windows Defender Offline](http://windows.microsoft.com/windows/what-is-windows-defender-offline) can be launched from Windows Security Center and has the latest anti-malware updates from Microsoft. It’s designed to be used on devices that aren't working correctly due to a possible malware infection.

-[System Guard](https://cloudblogs.microsoft.com/microsoftsecure/2017/10/23/hardening-the-system-and-maintaining-integrity-with-windows-defender-system-guard/) provides in Windows 10 to protect against rootkits and threats that impact system integrity 
+[System Guard](https://cloudblogs.microsoft.com/microsoftsecure/2017/10/23/hardening-the-system-and-maintaining-integrity-with-windows-defender-system-guard/) in Windows 10 protects against rootkits and threats that impact system integrity.

 ### What if I can’t remove a rootkit?

--- a/windows/security/intelligence/supply-chain-malware.md
+++ b/windows/security/intelligence/supply-chain-malware.md
@ -1,5 +1,5 @@
 ---
-title: Supply Chain
+title: Supply chain attacks
 description: Learn about how supply chain attacks work, deliver malware do your devices, and  what you can do to protect yourself
 keywords: security, malware
 ms.prod: w10
@ -11,7 +11,7 @@ author: levinec
 ms.date: 08/01/2018
 ---

-# Supply Chain
+# Supply chain attacks

 Supply chain attacks are an emerging kind of threat that target software developers and suppliers. The goal is to access source codes, build processes, or update mechanisms by infecting legitimate apps to distribute malware.  

@ -23,7 +23,7 @@ Because software is built and released by trusted vendors, these apps and update

 The number of potential victims is significant, given the popularity of some apps. A case occurred where a free file compression app was poisoned and deployed to customers in a country where it was the top utility app.

-### Types of Supply Chain Attacks
+### Types of supply chain attacks

 * Compromised software building tools or updated infrastructure

@ -33,13 +33,17 @@ The number of potential victims is significant, given the popularity of some app

 * Pre-installed malware on devices (cameras, USB, phones, etc.)

+To learn more about supply chain attacks, read this blog post called [attack inception: compromised supply chain within a supply chain poses new risks](https://cloudblogs.microsoft.com/microsoftsecure/2018/07/26/attack-inception-compromised-supply-chain-within-a-supply-chain-poses-new-risks/).
+
 ## How to protect against supply chain attacks

 * Deploy strong code integrity policies to allow only authorized apps to run.

 * Use endpoint detection and response solutions that can automatically detect and remediate suspicious activities.

-* For software vendors and developers, take steps to ensure your apps are not compromised.
+### For software vendors and developers
+
+* Take steps to ensure your apps are not compromised.

 * Maintain a secure and up-to-date infrastructure. Restrict access to critical build systems.
  * Immediately apply security patches for OS and software.
@ -50,4 +54,4 @@ The number of potential victims is significant, given the popularity of some app

 * Develop an incident response process for supply chain attacks.

-For more general tips, see [prevent malware infection](prevent-malware-infection.md).
+For more general tips on protecting your systems and devices, see [prevent malware infection](prevent-malware-infection.md).
--- a/windows/security/intelligence/support-scams.md
+++ b/windows/security/intelligence/support-scams.md
@ -38,13 +38,13 @@ It is also important to keep the following in mind:

 * Download software only from official vendor websites or the Microsoft Store. Be wary of downloading software from third-party sites, as some of them might have been modified without the author’s knowledge to bundle support scam malware and other threats.

-* Use [Microsoft Edge](https://www.microsoft.com/windows/microsoft-edge) when browsing the Internet. It blocks known support scam sites using Windows Defender SmartScreen (which is also used by Internet Explorer). Furthermore, Microsoft Edge can stop pop-up dialogue loops used by these sites.
+* Use [Microsoft Edge](https://www.microsoft.com/windows/microsoft-edge) when browsing the internet. It blocks known support scam sites using Windows Defender SmartScreen (which is also used by Internet Explorer). Furthermore, Microsoft Edge can stop pop-up dialogue loops used by these sites.

 * Enable Enable [Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) in Windows 10. It detects and removes known support scam malware.

 ## What to do if information has been given to a tech support person

-* Uninstall applications that scammers asked to be install. If access has been granted, consider resetting the PC.
+* Uninstall applications that scammers asked to be install. If access has been granted, consider resetting the device

 * Run a full scan with Windows Defender Antivirus to remove any malware. Apply all security updates as soon as they are available.

@ -56,9 +56,8 @@ It is also important to keep the following in mind:

 ### Reporting tech support scams

-Help Microsoft stop scammers, whether they claim to be from Microsoft or from another tech company, by reporting tech support scams: 
+Help Microsoft stop scammers, whether they claim to be from Microsoft or from another tech company, by reporting tech support scams:

 **www.microsoft.com/reportascam**

-You can also report any **unsafe website** that you suspect is a phishing website or contains malicious content directly to Microsoft by filling out a [Report an unsafe site form](https://www.microsoft.com/en-us/wdsi/support/report-unsafe-site) or using built in web browser functionality.
-
+You can also report any **unsafe website** that you suspect is a phishing website or contains malicious content directly to Microsoft by filling out a [Report an unsafe site form](https://www.microsoft.com/en-us/wdsi/support/report-unsafe-site) or using built in web browser functionality.
--- a/windows/security/intelligence/trojans-malware.md
+++ b/windows/security/intelligence/trojans-malware.md
@ -11,7 +11,7 @@ author: dansimp
 ms.date: 08/01/2018
 ---

-# Trojan malware
+# Trojans

 Trojans are a common type of malware which, unlike viruses, can’t spread on their own. This means they either have to be downloaded manually or another malware needs to download and install them.

@ -21,15 +21,15 @@ Trojans often use the same file names as real and legitimate apps. It is easy to

 Trojans can come in many different varieties, but generally they do the following:

- Download and install other malware, such as viruses or worms.
+- Download and install other malware, such as viruses or [worms](worms-malware.md).

- Use the infected PC for click fraud.
+- Use the infected device for click fraud.

 - Record keystrokes and websites visited.

- Send information about the infected PC to a malicious hacker including passwords, login details for websites, and browsing history.
+- Send information about the infected device to a malicious hacker including passwords, login details for websites, and browsing history.

- Give a malicious hacker control over the infected PC.
+- Give a malicious hacker control over the infected device.

 ## How to protect against trojans

@ -39,6 +39,4 @@ Use the following free Microsoft software to detect and remove it:

 - [Microsoft Safety Scanner](https://www.microsoft.com/wdsi/products/scanner)

-You should also run a full scan. A full scan might find other, hidden malware.
-
 For more general tips, see [prevent malware infection](prevent-malware-infection.md).
--- a/windows/security/intelligence/unwanted-software.md
+++ b/windows/security/intelligence/unwanted-software.md
@ -12,23 +12,23 @@ ms.date: 08/01/2018
 ---
 # Unwanted software

-Unwanted software are programs that alter your Windows experience without your consent or control. The altered experience can be in the form of modified browsing experience, lack of control over downloads and installation, misleading messages, or unauthorized changes to Windows settings.
+Unwanted software are programs that alter the Windows experience without your consent or control. This can take the form of modified browsing experience, lack of control over downloads and installation, misleading messages, or unauthorized changes to Windows settings.

 ## How unwanted software works

-Unwanted software can be introduced when a user searches for and downloads applications from the Internet. Some applications are software bundlers, which means that they are packed with other applications. As a result, other programs can be inadvertently installed when the original application is downloaded.
+Unwanted software can be introduced when a user searches for and downloads applications from the internet. Some applications are software bundlers, which means that they are packed with other applications. As a result, other programs can be inadvertently installed when the original application is downloaded.

-Here are some indications there is unwanted software on your PC:
+Here are some indications of unwanted software:

 - There are programs that you did not install and that may be difficult to uninstall

 - Browser features or settings have changed, and you can’t view or modify them

- There are excessive messages about your PC’s system health or about files and programs in your PC
+- There are excessive messages about your device's health or about files and programs

 - There are ads that cannot be easily closed

-Some unwanted behaviors are harder to recognize. Some unwanted software, for example, modify web pages to display specific ads, monitor browsing activities, or remove control of the browser.
+Some indicators are harder to recognize because they are less disruptive, but are still unwanted. For example, unwanted software can modify web pages to display specific ads, monitor browsing activities, or remove control of the browser.

 Microsoft uses an extensive [evaluation criteria](https://www.microsoft.com/wdsi/antimalware-support/malware-and-unwanted-software-evaluation-criteria) to identify unwanted software.

@ -36,7 +36,7 @@ Microsoft uses an extensive [evaluation criteria](https://www.microsoft.com/wdsi

 To prevent unwanted software infection, download software only from official websites, or from the Microsoft Store. Be wary of downloading software from third-party sites.

-Use [Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy/index) when browsing the Internet. Microsoft Edge includes additional protections that effectively block browser modifiers that can change your browser settings. Microsoft Edge also blocks known websites hosting unwanted software using [SmartScreen](https://docs.microsoft.com/en-us/microsoft-edge/deploy/index) (also used by Internet Explorer).
+Use [Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy/index) when browsing the internet. Microsoft Edge includes additional protections that effectively block browser modifiers that can change your browser settings. Microsoft Edge also blocks known websites hosting unwanted software using [SmartScreen](https://docs.microsoft.com/en-us/microsoft-edge/deploy/index) (also used by Internet Explorer).

 Enable [Windows Defender AV](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) in Windows 10. It provides real-time protection against threats and detects and removes known unwanted software.

@ -44,14 +44,14 @@ Download [Microsoft Security Essentials](https://www.microsoft.com/download/deta

 For more general tips, see [prevent malware infection](prevent-malware-infection.md).

-### What should I do if my PC is infected? 
+### What should I do if my device is infected? 

-If you suspect that you have unwanted software your PC, you can [submit files for analysis](https://www.microsoft.com/wdsi/filesubmission).
+If you suspect that you have unwanted software, you can [submit files for analysis](https://www.microsoft.com/wdsi/filesubmission).

-Some unwanted software adds uninstallation entries, which means that you can **remove them from the PC using Settings**. 
+Some unwanted software adds uninstallation entries, which means that you can **remove them using Settings**.
 1. Select the Start button
-2. Go to **Settings > Apps > Apps & features**. 
-3. Select the app you want to uninstall, then click **Uninstall**. 
+2. Go to **Settings > Apps > Apps & features**.
+3. Select the app you want to uninstall, then click **Uninstall**.

 If you only recently noticed symptoms of unwanted software infection, consider sorting the apps by install date, and then uninstall the most recent apps that you did not install.

--- a/windows/security/intelligence/worms-malware.md
+++ b/windows/security/intelligence/worms-malware.md
@ -13,21 +13,23 @@ ms.date: 08/01/2018

 # Worms

-A worm is a type of malware that spreads to other PCs. Worms can copy themselves and often spread through a PC network by exploiting security vulnerabilities. They can spread through email attachments, instant messaging programs, file-sharing programs, social networking sites, network shares, removable drives, and software vulnerabilities.
+A worm is a type of malware that can copy itself and often spreads through a network by exploiting security vulnerabilities. It can spread through email attachments, text messages, file-sharing programs, social networking sites, network shares, removable drives, and software vulnerabilities.

 ## How worms work

-Worms represent a large category of malware. Different worms use different methods to infect devices.  Depending on the variant, they can steal sensitive information, change PC security settings, send information to malicious hackers, stop users from accessing files, and other malicious acts.
+Worms represent a large category of malware. Different worms use different methods to infect devices.  Depending on the variant, they can steal sensitive information, change security settings, send information to malicious hackers, stop users from accessing files, and other malicious activities.

 Jenxcus (also known as Dunihi), Gamarue (also known as Androm), and Bondat have consistently remained at the top of the list of malware that infect users running Microsoft security software. Although these worms share some commonalities, it is interesting to note that they also have distinct characteristics.

-* **Jenxcus** has capabilities of not only infecting removable drives but can also act as a backdoor that connects back to its server. This threat typically gets into a PC from a drive-by download attack, meaning it's installed when users just visit a compromised webpage.
+* **Jenxcus** has capabilities of not only infecting removable drives but can also act as a backdoor that connects back to its server. This threat typically gets into a device from a drive-by download attack, meaning it's installed when users just visit a compromised web page.

-* **Gamarue** typically arrives through spam campaigns, exploits, downloaders, social networking sites, and removable drives. When Gamarue infects a PC, it becomes a distribution channel for other malware. We’ve seen it distribute other malware such as infostealers, spammers, clickers, downloaders, and rogues.
+* **Gamarue** typically arrives through spam campaigns, exploits, downloaders, social networking sites, and removable drives. When Gamarue infects a device, it becomes a distribution channel for other malware. We’ve seen it distribute other malware such as infostealers, spammers, clickers, downloaders, and rogues.

-* **Bondat** typically arrives through fictitious Nullsoft Sciptable Install System (NSIS) Java installers and removable drives. When Bondat infects a system, it gathers information about the machine such as PC name, Globally Unique Identifier (GUID), and OS build. It then sends that information to a remote server.
+* **Bondat** typically arrives through fictitious Nullsoft Sciptable Install System (NSIS) Java installers and removable drives. When Bondat infects a system, it gathers information about the machine such as device name, Globally Unique Identifier (GUID), and OS build. It then sends that information to a remote server.

-Both Bondat and Gamarue have clever ways of obscuring themselves to evade detection. By hiding what they are doing on your PC they try to avoid detection by your security software.
+Both Bondat and Gamarue have clever ways of obscuring themselves to evade detection. By hiding what they are doing, they try to avoid detection by security software.
+
+* [**WannaCrypt**](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Ransom:Win32/WannaCrypt) also deserves a mention here. Unlike older worms that often spread just because they could, modern worms often spread to drop a payload (e.g. ransomware).

 This image shows how a worm can quickly spread through a shared USB drive.