committing Beth's stuff

windows/security/intelligence/TOC.md

@@ -0,0 +1,41 @@
+# [Understand malware](index.md)
+
+## [Prevent malware infection](prevent-malware-infection.md)
+
+## [Malware names](malware-naming.md)
+
+## [Coin miners](coinminer-malware.md)
+
+## [Exploits and exploit kits](exploits-malware.md)
+
+## [Macro malware](macro-malware.md)
+
+## [Phishing](phishing.md)
+
+## [Ransomware](ransomware-malware.md)
+
+## [Rootkits](rootkits-malware.md)
+
+## [Supply chain](supply-chain-malware.md)
+
+## [Support scams](support-scams.md)
+
+## [Trojan malware](trojans-malware.md)
+
+## [Unwanted software](unwanted-software.md)
+
+## [Worms](worms-malware.md)
+
+# [Industry collaboration programs](cybersecurity-industry-partners.md)
+
+## [Virus information alliance](virus-information-alliance-criteria.md)
+
+## [Microsoft virus initiative](virus-initiative-criteria.md)
+
+## [Coordinated malware eradication](coordinated-malware-eradication.md)
+
+# [Information for developers](developer-info.md)
+
+## [Software developer FAQ](developer-faq.md)
+
+## [Software developer resources](developer-resources.md)

windows/security/intelligence/coinminer-malware.md

@@ -0,0 +1,39 @@
+---
+title: Coin miners
+description: Learn about coin miners, how it works
+keywords: security, malware
+ms.prod: w10
+ms.mktglfcycl: secure
+ms.sitesec: library
+ms.localizationpriority: medium
+ms.author: dansimp
+author: dansimp
+ms.date: 07/01/2018
+---
+# Coin miners
+
+Cybercriminals are always looking for new ways to make money. With the rise of digital currencies, also known as crypto currencies, criminals see a unique opportunity to infiltrate an organization and secretly mine for coins by reconfiguring malware.
+
+## How coin miners work
+
+Most infections start with:
+
+- Email messages with attachments that try to install malware.
+
+- Websites hosting exploit kits that attempt to use vulnerabilities in web browsers and other software to install coin miners.
+
+- Websites taking advantage of computer processing power by running scripts while users browse the website.
+
+Mining is the process of running complex mathematical calculations necessary to maintain the blockchain ledger. This process generates coins but requires significant computing resources.
+
+Coin miners are not inherently malicious. Some individuals and organizations invest in hardware and electric power for legitimate coin mining operations. However, others look for alternative sources of computing power and try to find their way into corporate networks. These coin miners are not wanted in enterprise environments because they eat up precious computing resources.
+
+Cybercriminals see an opportunity to make money by running malware campaigns that distribute, install, and run trojanized miners at the expense of other people’s computing resources.
+
+### Examples
+
+DDE exploits, which have been known to distribute ransomware, are now delivering miners.
+
+For example, a sample of the malware detected as Trojan:Win32/Coinminer (SHA-256: 7213cbbb1a634d780f9bb861418eb262f58954e6e5dca09ca50c1e1324451293) is installed by Exploit:O97M/DDEDownloader.PA, a Word document that contains the DDE exploit.
+
+The exploit launches a cmdlet that executes a malicious PowerShell script (Trojan:PowerShell/Maponeir.A), which then downloads the trojanized miner: a modified version of the miner XMRig, which mines Monero cryptocurrency.

windows/security/intelligence/coordinated-malware-eradication.md

@@ -0,0 +1,35 @@
+---
+title: Coordinated Malware Eradication
+description: Information and criteria regarding CME
+keywords: security, malware
+ms.prod: w10
+ms.mktglfcycl: secure
+ms.sitesec: library
+ms.localizationpriority: medium
+ms.author: ellevin
+author: levinec
+ms.date: 07/12/2018
+---
+# Coordinated Malware Eradication
+
+![coordinated-malware-eradication](images/CoordinatedMalware.png)
+
+Coordinated Malware Eradication (CME) aims to bring organizations in cybersecurity and in other industries together to change the game against malware. While the cybersecurity industry today is effective at disrupting malware families through individual efforts, those disruptions rarely lead to eradication since malware authors quickly adapt their tactics to survive.
+
+CME calls for organizations to pool their tools, information and actions to drive coordinated campaigns against malware. The ultimate goal is to drive efficient and long lasting results for better protection of our collective communities, customers, and businesses.
+
+## Combining our tools, information, and actions
+
+Diversity of participation across industries and disciplines, extending beyond cybersecurity, makes eradication campaigns even stronger across the malware lifecycle. For instance, while security vendors, computer emergency response/readiness teams (CERTs), and Internet service providers (ISPs) can contribute with malware telemetry, online businesses can identify fraudulent behavior and law enforcement agencies can drive legal action.
+
+In addition to telemetry and analysis data, Microsoft is planning to contribute cloud-based scalable storage and computing horsepower with the necessary big data analysis tools built-in to these campaigns.
+
+## Coordinated campaigns for lasting results
+
+Organizations participating in the CME effort work together to help eradicate selected malware families by contributing their own telemetry data, expertise, tools, and other resources. These organizations operate under a campaign umbrella with clearly defined end goals and metrics. Any organization or member can initiate a campaign and invite others to join it. The members then have the option to accept or decline the invitations they receive.
+
+## Join the effort
+
+Any organization that is involved in cybersecurity and antimalware or interested in fighting cybercrime can participate in CME campaigns by enrolling in the [Virus Information Alliance (VIA) program](virus-information-alliance-criteria.md). It ensures that everyone agrees to use the information and tools available for campaigns for their intended purpose (that is, the eradication of malware).
+
+Please apply using our [membership application form](http://www.microsoft.com/security/portal/partnerships/apply.aspx) to get started.

windows/security/intelligence/cybersecurity-industry-partners.md

@@ -0,0 +1,39 @@
+---
+title: Industry collaboration programs
+description: Describing the 3 industry collaboration programs
+keywords: security, malware
+ms.prod: w10
+ms.mktglfcycl: secure
+ms.sitesec: library
+ms.localizationpriority: medium
+ms.author: ellevin
+author: levinec
+ms.date: 07/12/2018
+---
+# Industry collaboration programs
+
+Microsoft has several industry-wide collaboration programs with different objectives and requirements. Enrolling in the right program can help you protect your customers, gain more insight into the current threat landscape, or assist in disrupting the malware ecosystem.
+
+## Virus Information Alliance (VIA)
+
+The VIA program gives members access to information that will help improve protection for Microsoft customers. Malware telemetry and samples can be provided to security teams to help identify gaps in their protection, prioritize new threat coverage, or better respond to threats.
+
+**You must be a member of VIA if you want to apply for membership to the other programs.**
+
+Go to the [VIA program page](virus-information-alliance-criteria.md) for more information.
+
+## Microsoft Virus Initiative (MVI)
+
+MVI is open to organizations who build and own a Real Time Protection (RTP) antimalware product of their own design, or one developed using a third-party antivirus SDK.
+
+Members get access to Microsoft client APIs for the Windows Defender Security Center, IOAV, AMSI, and Cloud Files, along with health data and other telemetry to help their customers stay protected. Antimalware products are submitted to Microsoft for performance testing on a regular basis.
+
+Go to the [MVI program page](virus-initiative-criteria.md) for more information.
+
+## Coordinated Malware Eradication (CME)
+
+CME is open to organizations who are involved in cybersecurity and antimalware or interested in fighting cybercrime.
+
+The program aims to bring organizations in cybersecurity and other industries together to pool tools, information and actions to drive coordinated campaigns against malware. The ultimate goal is to create efficient and long-lasting results for better protection of our collective communities, customers, and businesses.
+
+Go to the [CME program page](coordinated-malware-eradication.md) for more information.

windows/security/intelligence/developer-faq.md

@@ -0,0 +1,41 @@
+---
+title: Software developer FAQ
+description: This page provides answers to common questions we receive from software developers
+keywords: wdsi, software, developer, faq, dispute, false-positive, classify, installer, software, bundler, blocking
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+ms.date: 07/01/2018
+---
+
+# Software developer FAQ
+
+This page provides answers to common questions we receive from software developers. For general guidance about submitting malware or incorrectly detected files, read the submission guide.
+
+## Does Microsoft accept files for a known list or false-positive prevention program?
+No. We do not accept these requests from software developers. Signing your program's files in a consistent manner, with a digital certificate issued by a trusted root authority, helps our research team quickly identify the source of a program and apply previously gained knowledge. In some cases, this might result in your program being quickly added to the known list or, far less frequently, in adding your digital certificate to a list of trusted publishers.
+
+## How do I dispute the detection of my program?
+Submit the file in question as a software developer. Wait until your submission has a final determination. 
+
+If you're not satisfied with our determination of the submission, use the developer contact form provided with the submission results to reach Microsoft. We will use the information you provide to investigate further if necessary.
+
+We encourage all software vendors and developers to read about how Microsoft identifies malware and unwanted software. 
+
+## Why is Microsoft asking for a copy of my program?
+This can help us with our analysis. Participants of the Microsoft Active Protection Service (MAPS) may occasionally receive these requests. The requests will stop once our systems have received and processed the file.
+
+## Why does Microsoft classify my installer as a software bundler?
+It contains instructions to offer a program classified as unwanted software. You can review the criteria we use to check applications for behaviors that are considered unwanted.
+
+## Why is the Windows Firewall blocking my program?
+This is not related to Windows Defender Antivirus and other Microsoft antimalware. You can find out more about Windows Firewall from the Microsoft Developer Network.
+
+## Why does the Windows Defender SmartScreen say my program is not commonly downloaded?
+This is not related to Windows Defender Antivirus and other Microsoft antimalware. You can find out more from the SmartScreen website.
+

windows/security/intelligence/developer-info.md

@@ -0,0 +1,25 @@
+---
+title: Information for developers
+description: This page provides answers to common questions we receive from software developers and other useful resources
+keywords: software, developer, faq, dispute, false-positive, classify, installer, software, bundler, blocking
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+ms.date: 07/13/2018
+---
+
+# Information for developers
+Learn about the common questions we receive from software developers and get other developer resources such as detection criteria and file submissions.
+
+## In this section 
+Topic | Description 
+:---|:---
+[Software developer FAQ](developer-faq.md) | Provides answers to common questions we receive from software developers.
+[Developer resources](developer-resources.md) | Provides information about how to submit files, detection criteria, and how to check your software against the latest definitions and cloud protection from Microsoft.
+
+

windows/security/intelligence/developer-resources.md

@@ -0,0 +1,43 @@
+---
+title: Software developer resources
+description: This page provides information for developers such as detection criteria, developer questions, and how to check your software against definitions.
+keywords: wdsi, software, developer, resources, detection, criteria, questions, scan, software, definitions, cloud, protection
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+ms.date: 07/13/2018
+---
+
+# Software developer resources
+
+Concerned about the detection of your software?
+If you believe that your application or program has been incorrectly detected by Microsoft security software, submit the relevant files for analysis.
+
+Check out the following resources for information on how to submit and view submissions:
+- [Submit files](https://www.microsoft.com/en-us/wdsi/filesubmission)
+- [View your submissions](https://www.microsoft.com/en-us/wdsi/submissionhistory)
+
+## Additional resources
+
+### Detection criteria
+
+To objectively identify malware and unidentified software, Microsoft applies a set of criteria for evaluating malicious or potentially harmful code.
+
+For more information, see
+
+### Developer questions
+
+Find more guidance about the file submission and detection dispute process in our FAQ for software developers.
+
+For more information, see
+
+### Scan your software
+
+Use Windows Defender Antivirus to check your software against the latest definitions and cloud protection from Microsoft.
+
+For more information, see

windows/security/intelligence/exploits-malware.md

@@ -0,0 +1,51 @@
+---
+title: Exploits and exploit kits
+description: Learn about exploits and how they're used to infect devices and what you can do to protect yourself.
+keywords: security, malware
+ms.prod: w10
+ms.mktglfcycl: secure
+ms.sitesec: library
+ms.localizationpriority: medium
+ms.author: dansimp
+author: dansimp
+ms.date: 07/01/2018
+---
+# Exploits and exploit kits
+
+Exploits take advantage of “vulnerabilities” in software. A vulnerability is like a hole in your software that malware can use to get onto your PC. Malware exploits these vulnerabilities to bypass your computer's security safeguards to infect your device.
+
+## How it works
+
+Exploits are often the first part of a larger attack. Hackers scan for outdated systems that contain critical vulnerabilities, which they then exploit by deploying targeted malware. Exploits often include what's called "shellcode". This is a small malware payload that's used to download additional malware from attacker-controlled networks. This allows hackers to infect devices and infiltrate organizations.
+
+Exploit kits are more comprehensive tools that contain a collection of exploits. These kits scan devices for different kinds of software vulnerabilities and, if any are detected, deploys additional malware to further infect a device. Kits can use exploits targeting a variety of software, including Adobe Flash Player, Adobe Reader, Internet Explorer, Oracle Java and Sun Java.
+
+The most common method used by attackers to distribute exploits and exploit kits is through webpages, but exploits can also arrive in emails. Some websites unknowingly and unwillingly host malicious code and exploits in their ads.
+
+The infographic below shows how an exploit kit might attempt to exploit your PC when you visit a compromised webpage.
+
+![example of how exploit kits work](./images/exploitkit.png)
+
+*Example of how exploit kits work*
+
+Several notable threats, including Wannacry, exploit the Server Message Block (SMB) vulnerability CVE-2017-0144 (also called EternalBlue) to launch malware.
+
+Prevalent exploit kits include:
+- Angler / [Axpergle](https://www.microsoft.com/wdsi/threats/malware-encyclopedia-description?Name=JS%2fAxpergle)
+- [Neutrino](https://www.microsoft.com/wdsi/threats/malware-encyclopedia-description?Name=JS%2fNeutrino)
+- [Nuclear](https://www.microsoft.com/wdsi/threats/malware-encyclopedia-description?Name=Exploit:JS/Neclu)
+
+## How to protect against exploits
+
+The best prevention for exploits is to keep your software up-to-date. Software vendors provide updates for many known vulnerabilities and making sure these updates are applied to your devices is an important step to prevent malware.
+
+Enterprise admins typically manage updates for apps, devices, servers in large organizations.
+
+## How we name exploits
+
+We categorize exploits in our Malware encyclopedia by the "platform" they target. For example, Exploit:Java/CVE-2013-1489.A is an exploit that targets a vulnerability in Java.
+
+A project called "Common Vulnerabilities and Exposures (CVE)" is used by many security software vendors. The project gives each vulnerability a unique number, for example, CVE-2016-0778.
+The portion "2016" refers to the year the vulnerability was discovered. The "0778" is a unique ID for this specific vulnerability.
+
+You can read more on the [CVE website](https://cve.mitre.org/).

windows/security/intelligence/index.md

@@ -0,0 +1,36 @@
+---
+title: Understand malware
+description: Learn about the different types of malware, how they work, and what you can do to protect yourself.
+keywords: security, malware
+ms.prod: w10
+ms.mktglfcycl: secure
+ms.sitesec: library
+ms.localizationpriority: medium
+ms.author: dansimp
+author: dansimp
+ms.date: 07/01/2018
+---
+# Understand malware
+Malware is a term used to describe malicious applications and code that can cause damage and disrupt normal use of devices. Malware can allow unauthorized access, use system resources, steal passwords, lock you out of your computer and ask for ransom, and more.
+
+Cybercriminals that distribute malware are often motivated by money and will use infected computers to launch attacks, obtain banking credentials, collect information that can be sold, sell access to computing resources, or extort payment from victims.
+
+As criminals become more sophisticated with their attacks, Microsoft is here to help. Windows 10 is the most secure version of Windows yet and includes many features to help protect you whether you're at home, at work, or on the go. Businesses can trust in the next-generation capabilities of our security features to ensure they stay protected.
+
+There are many types of malware, including:
+
+- [Coin miners](coinminer-malware.md)
+- [Exploits and exploit kits](exploits-malware.md)
+- [Macro malware](macro-malware.md)
+- [Phishing](phishing.md)
+- [Ransomware](ransomware-malware.md)
+- [Rootkits](rootkits-malware.md)
+- [Supply Chain](supply-chain-malware.md)
+- [Support scams](support-scams.md)
+- [Trojan Malware](trojans-malware.md)
+- [Unwanted software](unwanted-software.md)
+- [Worms](worms-malware.md)
+
+Keep up with the latest malware news and research. Check out our [Windows security blogs](http://aka.ms/wdsecurityblog) and follow us on [Twitter](https://twitter.com/wdsecurity) for the latest news, discoveries, and protections.
+
+Learn more about [Windows security](https://docs.microsoft.com/en-us/windows/security/index).

windows/security/intelligence/macro-malware.md

@@ -0,0 +1,53 @@
+---
+title: Macro malware
+description: Learn about how macro malware works, how it can infect devices, and what you can do to protect yourself.
+keywords: security, malware
+ms.prod: w10
+ms.mktglfcycl: secure
+ms.sitesec: library
+ms.localizationpriority: medium
+ms.author: dansimp
+author: dansimp
+ms.date: 07/01/2018
+---
+# Macro malware
+
+Macros are a powerful way to automate common tasks in Microsoft Office and can make people more productive. However, Macro malware uses this functionality to infect your device.
+
+## How Macro malware works
+
+Macro malware hides in Microsoft Word or Microsoft Excel documents and are delivered as email attachments or inside ZIP files. These files use names that are intended to entice or scare you into opening them. They often look like invoices, receipts, legal documents, and more. Examples of filenames include:
+
+- case number.doc
+- e-ticket_79010838.doc
+- fax_msg896-599-5459.doc
+- invoice_723961.doc
+- legal_complaint.doc
+- logmein_coupon.doc
+- receipt_3458934.doc
+
+Macro malware was fairly common several years ago because macros ran automatically whenever you opened a document.
+
+However, in recent versions of Microsoft Office, macros are disabled by default. This means malware authors need to convince you to turn on macros so that their malware can run. They do this by showing you fake warnings when you open a malicious document.
+
+If you are fooled into enabling macros in a document that contains malware, you could be infected. We've have seen macro malware download threats from the following families:
+
+- Ransom:MSIL/Swappa
+- Ransom:Win32/Teerac
+- TrojanDownloader:Win32/Chanitor
+- TrojanSpy:Win32/Ursnif 
+- Win32/Fynloski
+- [Worm:Win32/Gamarue](https://www.microsoft.com/wdsi/threats/malware-encyclopedia-description?Name=Win32/Gamarue)
+
+## How to protect against macro malware
+
+These kinds of threats require users to enable macros.
+
+Protect yourself and your organization by keeping an eye out for suspicious attachments and check your macro settings.
+
+- Check if macros are disabled in your Microsoft Office applications. In enterprises, IT admins set the default setting for macros:
+    - [Enable or disable macros](https://support.office.com/article/Enable-or-disable-macros-in-Office-documents-7b4fdd2e-174f-47e2-9611-9efe4f860b12) in Office documents
+
+- Don’t open suspicious emails or suspicious attachments
+
+- If you get an email from someone you don’t know, or an invoice for something you don’t remember buying, delete it. Spam emails are the main way macro malware spreads.

windows/security/intelligence/malware-naming.md

@@ -0,0 +1,175 @@
+---
+title: Malware names
+description: Identifying malware vocabulary
+keywords: security, malware
+ms.prod: w10
+ms.mktglfcycl: secure
+ms.sitesec: library
+ms.localizationpriority: medium
+ms.author: ellevin
+author: levinec
+ms.date: 07/13/2018
+---
+# Malware Names
+
+We name the malware and unwanted software that we detect according to the Computer Antivirus Research Organization (CARO) malware naming scheme. The scheme uses the following format:
+
+![coordinated-malware-eradication](images/NamingMalware1.png)
+
+When our analysts research a particular threat, they will determine what each of the components of the name will be.
+
+## Type
+
+Describes what the malware does on your computer. Worms, viruses, trojans, backdoors, and ransomware are some of the most common types of malware.
+
+* Adware
+* Backdoor
+* Behavior
+* BrowserModifier
+* Constructor
+* DDoS
+* Exploit
+* Hacktool
+* Joke
+* Misleading
+* MonitoringTool
+* Program
+* PWS
+* Ransom
+* RemoteAccess
+* Rogue
+* SettingsModifier
+* SoftwareBundler
+* Spammer
+* Spoofer
+* Spyware
+* Tool
+* Trojan
+* TrojanClicker
+* TrojanDownloader
+* TrojanNotifier
+* TrojanProxy
+* TrojanSpy
+* VirTool
+* Virus
+* Worm
+
+## Platforms
+
+Indicates the operating system (such as Windows, Mac OS X, and Android) that the malware is designed to work on. The platform is also used to indicate programming languages and file formats.
+
+### Operating systems
+
+* AndroidOS: Android operating system
+* DOS: MS-DOS platform
+* EPOC: Psion devices
+* FreeBSD: FreeBSD platform
+* iPhoneOS: iPhone operating system
+* Linux: Linux platform
+* MacOS: MAC 9.x platform or earlier
+* MacOS_X: MacOS X or later
+* OS2: OS2 platform
+* Palm: Palm operating system
+* Solaris: System V-based Unix platforms
+* SunOS: Unix platforms 4.1.3 or lower
+* SymbOS: Symbian operating system
+* Unix: general Unix platforms
+* Win16: Win16 (3.1) platform
+* Win2K: Windows 2000 platform
+* Win32: Windows 32-bit platform
+* Win64: Windows 64-bit platform
+* Win95: Windows 95, 98 and ME platforms
+* Win98: Windows 98 platform only
+* WinCE: Windows CE platform
+* WinNT: WinNT
+
+### Scripting languages
+
+* ABAP: Advanced Business Application Programming scripts
+* ALisp: ALisp scripts
+* AmiPro: AmiPro script
+* ANSI: American National Standards Institute scripts
+* AppleScript: compiled Apple scripts
+* ASP: Active Server Pages scripts
+* AutoIt: AutoIT scripts
+* BAS: Basic scripts
+* BAT: Basic scripts
+* CorelScript: Corelscript scripts
+* HTA: HTML Application scripts
+* HTML: HTML Application scripts
+* INF: Install scripts
+* IRC: mIRC/pIRC scripts
+* Java: Java binaries (classes)
+* JS: Javascript scripts
+* LOGO: LOGO scripts
+* MPB: MapBasic scripts
+* MSH: Monad shell scripts
+* MSIL: .Net intermediate language scripts
+* Perl: Perl scripts
+* PHP: Hypertext Preprocessor scripts
+* Python: Python scripts
+* SAP: SAP platform scripts
+* SH: Shell scripts
+* VBA: Visual Basic for Applications scripts
+* VBS: Visual Basic scripts
+* WinBAT: Winbatch scripts
+* WinHlp: Windows Help scripts
+* WinREG: Windows registry scripts
+
+### Macros
+
+* A97M: Access 97, 2000, XP, 2003, 2007, and 2010 macros
+* HE: macro scripting
+* O97M: Office 97, 2000, XP, 2003, 2007, and 2010 macros - those that affect Word, Excel, and Powerpoint
+* PP97M: PowerPoint 97, 2000, XP, 2003, 2007, and 2010 macros
+* V5M: Visio5 macros
+* W1M: Word1Macro
+* W2M: Word2Macro
+* W97M: Word 97, 2000, XP, 2003, 2007, and 2010 macros
+* WM: Word 95 macros
+* X97M: Excel 97, 2000, XP, 2003, 2007, and 2010 macros
+* XF: Excel formulas
+* XM: Excel 95 macros
+
+### Other file types
+
+* ASX: XML metafile of Windows Media .asf files
+* HC: HyperCard Apple scripts
+* MIME: MIME packets
+* Netware: Novell Netware files
+* QT: Quicktime files
+* SB: StarBasic (Staroffice XML) files
+* SWF: Shockwave Flash files
+* TSQL: MS SQL server files
+* XML: XML files
+
+## Family
+
+Grouping of malware based on common characteristics, including attribution to the same authors. Security software providers sometimes use different names for the same malware family.
+
+## Variant letter
+
+Used sequentially for every distinct version of a malware family. For example, the detection for the variant ".AF" would have been created after the detection for the variant ".AE".
+
+## Suffixes
+
+Provides extra detail about the malware, including how it is used as part of a multicomponent threat. In the example above, "!lnk" indicates that the threat component is a shortcut file used by Trojan:Win32/Reveton.T.
+
+* .dam: damaged malware
+* .dll: Dynamic Link Library component of a malware
+* .dr: dropper component of a malware
+* .gen: malware that is detected using a generic signature
+* .kit: virus constructor
+* .ldr: loader component of a malware
+* .pak: compressed malware
+* .plugin: plug-in component
+* .remnants: remnants of a virus
+* .worm: worm component of that malware
+* !bit: an internal category used to refer to some threats
+* !dha: an internal category used to refer to some threats
+* !pfn: an internal category used to refer to some threats
+* !plock: an internal category used to refer to some threats
+* !rfn: an internal category used to refer to some threats
+* !rootkit: rootkit component of that malware
+* @m: worm mailers
+* @mm: mass mailer worm

windows/security/intelligence/phishing.md

@@ -0,0 +1,128 @@
+---
+title: Phishing
+description: Learn about how phishing work, deliver malware do your devices, and  what you can do to protect yourself
+keywords: security, malware
+ms.prod: w10
+ms.mktglfcycl: secure
+ms.sitesec: library
+ms.localizationpriority: medium
+ms.author: ellevin
+author: levinec
+ms.date: 07/18/2018
+---
+
+# Phishing
+
+Phishing attacks attempt to steal sensitive information from internet users through emails, websites, text messages, or other forms of electronic communication that often look to be official communication from legitimate companies or individuals.
+
+The information that phishers (as the cybercriminals behind phishing attacks are called) attempt to steal can be user names and passwords, credit card details, bank account information, or other credentials. Attackers can then use stolen information for malicious purposes, such as hacking, identity theft, or stealing money directly from bank accounts and credit cards. Phishers can also sell the information in cybercriminal underground marketplaces.  
+
+## How phishing works
+
+Phishing attacks are scams that often use social engineering bait or lure content. For example, during tax season, bait content involves tax-filing announcements that attempt to lure you into providing your personal information such as your Social Security number or bank account information.
+
+Legitimate-looking communication, usually email, that links to a phishing site is one of the most common methods used in phishing attacks. The phishing site typically mimics legitimate sign-in pages that require users to input login credentials and account information. The phishing site then captures the sensitive information as soon as the user provides it, giving attackers access to the information.
+
+Another common phishing technique is the use of emails that direct you to open a malicious attachment, for example a PDF file. The attachment often contains a message asking you to provide login credentials to another site such as email or file sharing websites to open the document. When you access these phishing sites using your login credentials, the attacker now has access to your information and can gain additional personal information about you.
+
+## Phishing trends and techniques
+
+### Invoice phishing
+
+In this scam, the attacker attempts to lure you with an email stating that you have an outstanding invoice from a known vendor or company and provides a link for you to access and pay your invoice. When you access the site, the attacker is poised to steal your personal information and funds.
+
+### Payment/delivery scam
+
+You are asked to provide a credit card or other personal information so that your payment information can be updated with a commonly known vendor or supplier.  The update is requested so that you can take delivery of your ordered goods. Generally, you may be familiar with the company and have likely done business with them in the past, but you are not aware of any items you have recently purchased from them.
+
+### Tax-themed phishing scams
+
+A common IRS phishing scams is one in which an urgent email letter is sent indicating that you owe money to the IRS. Often the email threatens legal action if you do not access the site in a timely manner and pay your taxes. When you access the site, the attackers can steal your personal credit card or bank information and drain your accounts.
+
+### Downloads
+
+Another frequently-used phishing scam is one in which an attacker sends a fraudulent email requesting you to open or download a document, often one requiring you to sign in.
+
+### Phishing emails that deliver other threats
+
+Phishing emails can be very effective, and so attackers can using them to distribute [ransomware](ransomware-malware.md) through links or attachments in emails. When run, the ransomware encrypts files and displays a ransom note, which asks you to pay a sum of money to access to your files.
+
+We have also seen phishing emails that have links to [tech support scam](support-scams.md) websites, which use various scare tactics to trick you into calling hotlines and paying for unnecessary "technical support services" that supposedly fix contrived device, platform, or software problems.
+
+### Targeted attacks against enterprises
+
+#### Spear phishing
+
+Spear phishing is a targeted phishing attack that involves highly customized lure content. To perform spear phishing, attackers will typically do reconnaissance work, surveying social media and other information sources about their intended target.
+
+Spear phishing may involve tricking you into logging into fake sites and divulging credentials. Spear phishing may also be designed to lure you into opening documents by clicking on links that automatically install malware. With this malware in place, attackers can remotely manipulate the infected computer.
+
+The implanted malware serves as the point of entry for a more sophisticated attack known as an advanced persistent threat (APT). APTs are generally designed to establish control and steal data over extended periods. As part of the attack, attackers often try to deploy more covert hacking tools, move laterally to other computers, compromise or create privileged accounts, and regularly exfiltrate information from compromised networks.
+
+#### Whaling
+
+Whaling is a form of phishing in which the attack is directed at high-level or senior executives within specific companies with the direct goal of gaining access to their credentials and/or bank information. The content of the email may be written as a legal subpoena, customer complaint, or other executive issue. This type of attack can also lead to an APT attack within an organization. When the links or attachment are opened, it can assist the attacker in accessing credentials and other personal information, or launch a malware that will lead to an APT.  
+
+#### Business email compromise
+
+Business email compromise (BEC) is a sophisticated scam that targets businesses often working with foreign suppliers and businesses that regularly perform wire transfer payments. One of the most common schemes used by BEC attackers involves gaining access to a company’s network through a spear phishing attack, where the attacker creates a domain similar to the company they are targeting or spoofs their email to scam users into releasing personal account information for money transfers.
+
+## How to protect against phishing attacks
+
+Social engineering attacks are designed to take advantage of a user's possible lapse in decision-making. Be aware and never provide sensitive or personal information through email or unknown websites, or over the phone. Remember, phishing emails are designed to appear legitimate.
+
+### Awareness
+
+The best protection is awareness and education. Don’t open attachments or click links in unsolicited emails, even if the emails came from someone you know. If you are not expecting the email, be wary about opening the attachment and verify the URL.
+
+Enterprises should educate and train their employees to be wary of any emails, phone calls, or the like, that request personal or financial information, and instruct them to report the threat to the company’s security operations team immediately.
+
+Here are several telltale signs of a phishing scam:
+
+* If links or URLs provided in emails are not pointing to the correct location or are attempting to have you access a third-party site that is not affiliated with the sender of the email, you should use caution. For example, in the image below you see that the URL provided does not match the URL that you will be taken to if you click the link.  This is a red flag and you should be wary of attempting to access this website.
+
+    ![example of how exploit kits work](./images/URLhover.png)
+
+* Emails that request personal information such as social security numbers or bank or financial information are always a good sign that you should do further investigation. Never release any personal, private, or confidential information unless you are positive the email is from a valid source. Even official communications won't generally request personal information from you in the form of an email.
+
+* Oftentimes the scammer will change letters, add numbers, or otherwise change items in the email address so that it is similar enough to a legitimate email address.
+
+* Phishing websites are designed to look like legitimate sites that you are familiar with and use on a regular basis, but may use outdated logos, have typos, or ask you to give additional information that are not asked by legitimate sign-in websites.
+
+* Sometimes you will notice that the page that opens is not a live page but rather an image that is designed to look like the site you are familiar with. Be careful if, upon opening a new website, a pop-up appears that requests you to enter your credentials.
+
+If you are unsure if the email is a phishing scam, you should contact the business associated with it by phone or email to notify them of the email you received.
+
+For more information, download and read this Microsoft [e-book on preventing social engineering attacks](https://info.microsoft.com/Protectyourweakestlink.html?ls=social), especially in enterprise environments.
+
+### Security solutions for organizations
+
+* [Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy/index) and [Windows Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview) offer protection from the increasing threat of targeted attacks using Microsoft's industry leading Hyper-V virtualization technology. If a browsed website is deemed untrusted, the Hyper-V container will isolate that PC from the rest of your network thereby preventing access to your enterprise data.
+
+* [Microsoft Exchange Online Protection (EOP)](https://products.office.com/exchange/exchange-email-security-spam-protection) offers enterprise-class reliability and protection against spam and malware, while maintaining access to email during and after emergencies. EOP provides a layer of protection features that are deployed across a global network of data centers, helping you simplify the administration of your messaging environments. Using various layers of filtering, EOP can provide different controls for spam filtering, such as bulk mail controls and international spam, that will further enhance your protection services.
+
+* Use [Office 365 Advanced Threat Protection (ATP)](https://products.office.com/exchange/online-email-threat-protection?ocid=cx-blog-mmpc) to help protect your email, files, and online storage against malware. It offers holistic protection in Microsoft Teams, Word, Excel, PowerPoint, Visio, SharePoint Online, and OneDrive for Business. By protecting against unsafe attachments and expanding protection against malicious links, it complements the security features of Exchange Online Protection to provide better zero-day protection.
+
+* [Windows Hello for Business](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-identity-verification) replaces passwords with strong two-factor authentication on PCs and mobile devices. This authentication consists of a new type of user credential that is tied to a device and uses a biometric or PIN. It lets user authenticate to an Active Directory or Azure Active Directory account.
+
+* [Windows Defender Credential Guard](https://docs.microsoft.com/windows/security/identity-protection/credential-guard/credential-guard) uses virtualization-based security to isolate secrets so that only privileged system software can access them. They are protected using virtualization-based security which blocks credential theft attack techniques and tools used in many targeted attacks. Malware running in the operating system with administrative privileges cannot extract secrets that are protected by virtualization-based security.
+
+## What do I do if I've already been a victim of a phishing scam?
+
+If you feel that you have been a victim of a phishing attack, contact your local law enforcement immediately. You should also immediately change all passwords associated with the accounts, and report any fraudulent activity to your bank, credit card company, etc.
+
+You can report phishing emails to phish@office365.microsoft.com. For more information see [Submit spam, non-spam, and phishing scam messages to Microsoft for analysis](https://docs.microsoft.com/en-us/office365/SecurityCompliance/submit-spam-non-spam-and-phishing-scam-messages-to-microsoft-for-analysis).
+
+Download the [Microsoft Junk E-mail Reporting Add-in for Microsoft Office Outlook](https://www.microsoft.com/download/details.aspx?id=18275).
+
+The Anti-Phishing Working Group – which includes and involves ISPs, security vendors, financial institutions and law enforcement agencies – uses reports generated from emails sent to reportphishing@apwg.org to fight phishing scams and hackers.
+
+## Where to find more information about phishing attacks
+
+For information on the latest Phishing attacks, techniques, and trends, you can read these entries on the [Windows Security blog](https://cloudblogs.microsoft.com/microsoftsecure/?product=windows,windows-defender-advanced-threat-protection):
+
+* [Phishers unleash simple but effective social engineering techniques using PDF attachments](https://cloudblogs.microsoft.com/microsoftsecure/2017/01/26/phishers-unleash-simple-but-effective-social-engineering-techniques-using-pdf-attachments/?source=mmpc)
+
+* [Tax themed phishing and malware attacks proliferate during the tax filing season](https://cloudblogs.microsoft.com/microsoftsecure/2017/03/20/tax-themed-phishing-and-malware-attacks-proliferate-during-the-tax-filing-season/?source=mmpc)
+
+* [Phishing like emails lead to tech support scam](https://cloudblogs.microsoft.com/microsoftsecure/2017/08/07/links-in-phishing-like-emails-lead-to-tech-support-scam/?source=mmpc)

windows/security/intelligence/prevent-malware-infection.md

@@ -0,0 +1,180 @@
+---
+title: Prevent malware infection
+description: Malware prevention best practices
+keywords: security, malware
+ms.prod: w10
+ms.mktglfcycl: secure
+ms.sitesec: library
+ms.localizationpriority: medium
+ms.author: ellevin
+author: levinec
+ms.date: 07/12/2018
+---
+# Prevent malware infection
+
+Malware authors are always looking for new ways to infect computers. Follow the simple tips below to stay protected and minimize threats to your data and accounts.
+
+* Enable Windows security features
+
+* Keep software up-to-date
+
+* Watch out for threats on email or instant messaging
+
+* Browse the web safely
+
+* Stay away from pirated material
+
+* Don't attach unfamiliar removable drives
+
+* Use a non-administrator account
+
+## Security solutions
+
+[Windows Defender Antivirus](https://www.microsoft.com/windows/comprehensive-security?ocid=cx-wdsi-articles) provides comprehensive protection through real-time detection and removal of malware using next-gen antimalware technologies. It uses the cloud, machine learning, and behavior analysis to rapidly respond to emerging threats.
+
+For effective antimalware protection, enable Windows Defender Antivirus and keep it up-to-date with [automatic Microsoft Updates](https://support.microsoft.com/help/12373/windows-update-faq). To enable next-gen protection:
+
+1. Search for **Windows Defender Security Center** to open the app.
+2. Go to **Virus & threat protection**.
+3. Make sure the switches for **Cloud-delivered protection** and **Automatic sample submission** are set to **On**.
+
+Windows Defender Antivirus is built into Windows 10 and Windows 8.1. If your computer is running Windows 7 or earlier, you can download and use [Microsoft Security Essentials (MSE)](https://support.microsoft.com/help/14210/security-essentials-download).
+
+For increased protection, Windows Defender Firewall blocks unwanted inbound network connections. It can also control which applications on your computer can initiate outbound connections and can warn of malware suddenly trying to establish a remote connection.
+
+Read the articles below to learn how turn on Windows Defender Firewall:
+
+* [Turn on the Windows Firewall in Windows 10](https://support.microsoft.com/help/4028544/windows-turn-windows-firewall-on-or-off)
+* [Turn on the Windows Firewall in Windows 8.1 or Windows](https://support.microsoft.com/help/17228/windows-protect-my-pc-from-viruses)
+
+With Windows 10, you also benefit from [Windows Defender Exploit Guard](https://cloudblogs.microsoft.com/microsoftsecure/2017/10/23/windows-defender-exploit-guard-reduce-the-attack-surface-against-next-generation-malware/), which protects files in key folders with Controlled folder access. Enterprise users are also provided broad or strategic exploit protection, reduction of attack surfaces with behavior detection rules, and reputation-based filtering of network connections.
+
+### Additional protection for enterprises
+
+In enterprise settings, phishing emails and other forms of phishing attacks may be the entry point for a larger cyberattack or espionage. The following technologies can help protect you from malware and other attacks that may arise from phishing:
+
+* Windows Defender Exploit Guard is a new set of host intrusion prevention capabilities for Windows 10, allowing you to manage and reduce the attack surface of apps used by your employees. Windows Defender Exploit Guard utilizes the capabilities of the Microsoft Intelligent Security Graph (ISG) to protect organizations from advanced threats, including zero-day exploits. The four components of Windows Defender Exploit Guard are:
+  * Attack Surface Reduction (ASR): A set of controls that enterprises can enable to prevent malware from getting on the machine by blocking Office-, script-, and email-based threats
+  * Network protection: Protects the endpoint against web-based threats by blocking any outbound process on the device to untrusted hosts/IP through Windows Defender SmartScreen
+  * Controlled folder access: Protects sensitive data from ransomware by blocking untrusted processes from accessing your protected folders
+  * Exploit protection: A set of exploit mitigations (replacing EMET) that can be easily configured to protect your system and applications
+
+* Windows Defender Advanced Threat Protection (ATP) is a security service that enables enterprise customers to detect, investigate, and respond to advanced threats on their networks. Windows Defender ATP  uses the following combination of technology built into Windows 10 and Microsoft's robust cloud service:
+  * Endpoint behavioral sensors: Embedded in Windows 10, these sensors collect and process behavioral signals from the operating system (for example, process, registry, file, and network communications) and sends this sensor data to your private, isolated, cloud instance of Windows Defender ATP.
+  * Cloud security analytics: Leveraging big-data, machine-learning, and unique Microsoft optics across the Windows ecosystem.
+  * Threat intelligence: Generated by Microsoft hunters, security teams, and augmented by threat intelligence provided by partners, threat intelligence enables Windows Defender ATP to identify attacker tools, techniques, and procedures, and generate alerts when these are observed in collected sensor data.
+
+## Keep software up-to-date
+
+[Exploits](exploits-malware.md) typically abuse vulnerabilities in popular software such as web browsers, Java, Adobe Flash Player, and Microsoft Office. To protect your PC from exploits, always keep software up-to-date.
+
+To keep Microsoft software up to date, ensure that [automatic Microsoft Updates](https://support.microsoft.com/help/12373/windows-update-faq) are enabled. Also, by upgrading to the latest version of Windows, you automatically benefit from a host of built-in security enhancements.
+
+## Watch out for threats on email or instant messaging
+
+Email and other messaging tools are a few of the most common ways your PC can get infected. Attachments or links on messages can open malware directly or can stealthily trigger a download. Some emails will instruct you to allow macros or other executable content—these instructions are designed to make it easier for malware to infect your computer.
+
+To avoid threats that arrive via email or other messaging tools:
+
+* Learn to identify suspicious messages. Never open attachments or links in suspicious looking messages.
+
+* Exercise caution when dealing with messages received from unknown sources or received unexpectedly from known sources.
+
+* Use extreme caution when accepting file transfers.
+
+* Social engineering attacks often use email as a way of gaining access to your personal information. Emails that request personal information or require you to access third-party sites might be part of social engineering attacks. Always use caution when providing personal or credential information.
+
+* If you receive a notification from your bank or credit card company requiring immediate action, contact your bank or credit card company using contact information on their official website. Do not use links, email addresses, or phone numbers in the suspicious email.
+
+* Use an email service that provides protection against malicious attachments, links, and abusive senders. [Microsoft Office 365](https://support.office.com/article/Anti-spam-and-anti-malware-protection-in-Office-365-5ce5cf47-2120-4e51-a403-426a13358b7e) has built-in antimalware, link protection, and spam filtering, helping protect you from malware, phishing, and other email threats.
+
+### What are suspicious messages?
+
+Here are some characteristics that you can use to spot potentially harmful messages:
+
+* The message is unexpected and unsolicited. If you suddenly receive an email from an entity or a person you rarely deal with, consider this email suspect.
+
+* The message or the attachment asks you to enable macros, adjust security settings, or install applications. Normal emails will not ask you to do this.
+
+* The message contains errors. Legitimate corporate messages are less likely to have typographic or grammatical errors or contain wrong information.
+
+* The sender address does not match the signature on the message itself. For example, an email is purported to be from Mary of Contoso Corp, but the sender address is john<span></span>@example.com.
+
+* There are multiple recipients in the “To” field and they appear to be random addresses. Corporate messages are normally sent directly to individual recipients.
+
+* The greeting on the message itself does not personally address you. Apart from messages that mistakenly address a different person, those that misuse your name or pull your name directly from your email address tend to be malicious.
+
+* URLs behind links do not match the link text. Try hovering over links to check if they point to a sensible URL. In some cases, malicious URLs are completely off and even point to completely unrelated domains.
+
+## Browse the web safely
+
+The web is filled with useful and helpful content that we use every day. While there are billions of helpful pages, the web also contains sites that have been intentionally set up for malicious purpose. Some legitimate sites also get compromised—they are modified by attackers to deliver malware and other malicious content.
+
+By visiting malicious or compromised sites, your PC can get infected with malware automatically or you can get tricked into downloading and installing malware. To avoid malware that are distributed through these websites:
+
+* Do not click links in suspicious messages you received in email or other messaging services. See the tips above about identifying suspicious messages.
+
+* Learn to spot spoofed or fake websites.
+
+* Avoid sites that are likely to contain malware.
+
+### How do I spot suspicious websites?
+
+Check for the following characteristics to identify potentially harmful websites:
+
+* Check the URL in the address bar. The initial part or the domain should represent the company that owns the site you are visiting. Check the domain for misspellings. For example, malicious sites commonly use domain names that swap the letter O with a zero (0) or the letters L and I with a one (1). If example<span></span>.com is spelled examp1e<span></span>.com, the site you are visiting is suspect.
+
+* Sites that contain adult or pirated content are common vectors for spreading malware. Users do not openly discuss visits to these sites, so any untoward experience are more likely to stay unreported.
+
+* Sites that aggressively open popups and display misleading buttons. Many of these sites trick users into accepting content through constant popups or mislabeled buttons. For example, some of these sites display media play buttons to trick users into downloading and installing infected media players.
+
+To block malicious websites, use a modern web browser like [Microsoft Edge](http://www.microsoft.com/windows/microsoft-edge?ocid=cx-wdsi-articles) which uses Windows Defender SmartScreen to identify phishing and malware websites. Microsoft Edge also works with Windows Defender Antivirus to check downloads for malware.
+
+For optimal protection while browsing websites, use [Windows Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview?ocid=cx-wdsi-articles). Application Guard helps to isolate untrusted sites, protecting you while you browse the Internet. If you browse an untrusted site through either Microsoft Edge or Internet Explorer, Application Guard opens the site in a virtualized container that is separate from the host operating system. This container isolation means that if the untrusted site turns out to be malicious, the host PC is protected and the attacker can't get to your data. Application Guard is available on enterprise editions of Windows 10 version 1709 or above.
+
+If you encounter an unsafe site, click **More […] > Send feedback** on Microsoft Edge. You can also [report unsafe sites directly to Microsoft](https://www.microsoft.com/wdsi/support/report-unsafe-site).
+
+## Stay away from pirated material
+
+Using pirated content is not only illegal, it can also expose your PC to malware. Sites that offer pirated software and media are also often used to distribute malware. Many illicit media download and streaming sites try to push infected media players and codecs packages. Some of these sites can automatically install malware to visiting computers.
+
+Pirated software is often bundled with malware and other unwanted software, including intrusive browser plugins and adware.
+To stay safe, download movies, music, and apps from official publisher websites or stores. Consider running a streamlined OS such as [Windows 10 Pro SKU S Mode](https://www.microsoft.com/windows/windows-10-s?ocid=cx-wdsi-articles), which ensures that only vetted apps from the Windows Store are installed.
+
+## Don't attach unfamiliar removable drives
+
+Some types of malware can spread by copying themselves to USB flash drives or other removable drives. Also, there are malicious individuals that intentionally prepare and distribute infected drives—leaving these drives in public places to victimize unsuspecting individuals.
+
+Only use removable drives that you are familiar with or that come from a trusted source. If a drive has been used in publicly accessible devices, like computers in a café or a library, make sure you have antimalware running on your computer before you use the drive. Avoid opening unfamiliar files you find on suspect drives, including Office and PDF documents and executable files.
+
+## Use a non-administrator account
+
+At the time they are launched, whether inadvertently by a user or automatically, most malware run under the same privileges as the active user. This means that by limiting your own privileges, you can prevent malware from making consequential changes to your computer.
+
+By default, Windows uses [User Account Control (UAC)](https://docs.microsoft.com/windows/access-protection/user-account-control/user-account-control-overview) to provide automatic, granular control of privileges—it temporarily restricts privileges and prompts the active user every time an application attempts to make potentially consequential changes to the system. Although UAC helps limit the privileges of admin users, users can simply override this restriction when prompted. As a result, it is quite easy for an admin user to inadvertently allow malware to run.
+
+To help ensure that your everyday activities do not result in malware infection and other potentially catastrophic changes, you can use a non-administrator account for regular use. By using a non-administrator account, you can prevent installation of unauthorized apps and prevent inadvertent changes to system settings. Avoid browsing the web or checking email using an account with administrator privileges.
+
+Whenever necessary, you can log in as an administrator to install apps or make configuration changes that require admin privileges.
+
+[Read about creating user accounts and giving administrator privileges](https://support.microsoft.com/help/4026923/windows-create-a-local-user-or-administrator-account-in-windows-10)
+
+## Other safety tips
+
+To further ensure that your data is protected from malware as well as other threats, make sure you:
+
+* Backup your files. Follow the 3-2-1 rule: make **3 copies**, store in at least **2 locations**, with at least **1 offline copy**. You can use [OneDrive](https://onedrive.live.com/about/?ocid=cx-wdsi-articles) for reliable cloud-based copies that allow you to access your files from multiple devices and help you recover damaged or lost files, including files locked by ransomware.
+
+* Be wary when connecting to public hotspots, particularly those that do not require authentication.
+
+* Use [strong passwords](https://support.microsoft.com/help/12410/microsoft-account-help-protect-account) and enable multi-factor authentication.
+
+* Do not use untrusted devices to log on to email, social media, and corporate accounts.
+
+* Monitor and safeguard your [family’s online computing experience](https://support.microsoft.com/help/4013209/windows-10-protect-your-family-online-in-windows-defender).
+
+## What to do if you have a malware infection
+
+Windows Defender Antivirus helps reduce the chances of infection and will automatically remove threats that it detects.
+
+In case threat removal is unsuccessful, read about [troubleshooting malware detection and removal problems](https://www.microsoft.com/wdsi/help/troubleshooting-infection).

windows/security/intelligence/ransomware-malware.md

@@ -0,0 +1,71 @@
+---
+title: Ransomware
+description: Learn about ransomware, how it works, and what you can do to protect yourself.
+keywords: security, malware
+ms.prod: w10
+ms.mktglfcycl: secure
+ms.sitesec: library
+ms.localizationpriority: medium
+ms.author: dansimp
+author: dansimp
+ms.date: 07/01/2018
+---
+# Ransomware
+
+Ransomware is a type of malware that encrypts files and folders, preventing access to important files. Ransomware attempts to extort money from victims by asking for money, usually in form of cryptocurrencies, in exchange for the decryption key. But cybercriminals won't always follow through and unlock your files.  
+
+The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms especially susceptible to ransomware attacks.
+
+## How ransomware works
+
+Most ransomware infections start with:
+
+- Email messages with attachments that try to install ransomware.
+
+- Websites hosting exploit kits that attempt to use vulnerabilities in web browsers and other software to install ransomware.
+
+More recent ransomware have [worm-like](worms-malware.md) capabilities that enable them to spread to other computers in the network. For example, Spora drops ransomware copies in network shares. WannaCrypt exploits the Server Message Block (SMB) vulnerability CVE-2017-0144 (also called EternalBlue) to infect other computers. A Petya variant exploits the same vulnerability, in addition to CVE-2017-0145 (also known as EternalRomance), and uses stolen credentials to move laterally across networks.
+
+Once ransomware infects a device, it starts encrypting files, folders, entire hard drive partitions using encryption algorithms like RSA or RC4.
+
+### Examples
+
+Ransomware like Cerber and Locky search for and encrypt specific file types, typically document and media files. When the encryption is complete, the malware leaves a ransom note using text, image, or an HTML file with instructions to pay a ransom  to recover files.
+
+More sophisticated ransomware like Spora, WannaCrypt (also known as WannaCry), and Petya (also known as NotPetya) include other capabilities, such as spreading to other computers via network shares or exploits.
+
+Bad Rabbit ransomware was discovered attempting to spread across networks using hardcoded usernames and passwords in brute force attacks.
+
+Older ransomware like Reveton locks screens instead of encrypting files. They display a full screen image and then disable Task Manager. The files are safe, but they are effectively inaccessible. The image usually contains a message claiming to be from law enforcement that says the computer has been used in illegal cybercriminal activities and fine needs to be paid. Because of this, Reveton is nicknamed "Police Trojan" or "Police ransomware".
+
+Ransomware is one of the most lucrative revenue channels for cybercriminals, so malware authors continually improve their malware code to better target enterprise environments. Ransomware-as-a-Service is a cybercriminal business model in which malware creators sell their ransomware and other services to cybercriminals, who then operate the ransomware attacks. The business model also defines profit sharing between the malware creators, ransomware operators, and other parties that may be involved. For cybercriminals, ransomware is a big business, at the expense of individuals and businesses.
+
+## How to protect against ransomware
+
+ Organizations can be targeted specifically by attackers, or they can be caught in the wide net cast by cybercriminal operations. Large organizations are high value targets and attackers can demand bigger ransoms.
+
+We recommend:
+
+- Back up important files regularly. Use the 3-2-1 rule. Keep three backups of your data, on two different storage types, and at least one backup offsite.  
+
+- Apply the latest updates to your operating systems and apps.
+
+- Educate your employees so they can identify social engineering and spear-phishing attacks.
+
+Microsoft provides comprehensive security capabilities that help protect against threats such as ransomware. We recommend:
+
+- [Microsoft 365](https://docs.microsoft.com/microsoft-365/enterprise/#pivot=itadmin&panel=it-security) includes Office 365, Windows 10, and Enterprise Mobility + Security. These resources power productivity while providing intelligent security across users, devices, and data.
+
+- [Office 365 Advanced Threat Protection](https://technet.microsoft.com/library/exchange-online-advanced-threat-protection-service-description.aspx) includes machine learning capabilities that block dangerous emails, including millions of emails carrying ransomware downloaders.
+
+- [OneDrive for Business](https://support.office.com/article/restore-a-previous-version-of-a-file-in-onedrive-159cad6d-d76e-4981-88ef-de6e96c93893?ui=en-US&rs=en-US&ad=US) can back up files, which you would then use to restore files in the event of an infection.
+
+- [Windows Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection) provides comprehensive endpoint protection, detection, and response capabilities to help prevent ransomware. In the event of a breach, Windows Defender ATP alerts security operations teams about suspicious activities and automatically attempts to resolve the problem. This includes alerts for suspicious PowerShell commands, connecting to a TOR website, launching self-replicated copies, and deletion of volume shadow copies. Try Windows Defender ATP free of charge.
+
+- [Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) is built into Windows 10 and, when enabled, provides real-time cloud-powered protection against threats. Keep Windows Defender Antivirus and other software up-to-date to get the latest protections.
+
+- [Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy/index) browser protects against threats such as ransomware by preventing exploit kits from running. By using Microsoft [SmartScreen](https://docs.microsoft.com/en-us/microsoft-edge/deploy/index), Microsoft Edge blocks access to malicious websites.
+
+- [Windows Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview) helps  protect your employees from untrusted sites by opening the site in an isolated Hyper-V-enabled container, separate from the host operating system.
+
+- [Controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard) stops ransomware in its tracks by preventing unauthorized access to your important files. Controlled folder access locks down folders, allowing only authorized apps to access files. Unauthorized apps, including ransomware and other malicious executable files, DLLs, and scripts are denied access.

windows/security/intelligence/rootkits-malware.md

@@ -0,0 +1,53 @@
+---
+title: Rootkits
+description: Learn about rootkits and how they hide malware on your device and what you can do to protect yourself.
+keywords: security, malware
+ms.prod: w10
+ms.mktglfcycl: secure
+ms.sitesec: library
+ms.localizationpriority: medium
+ms.author: dansimp
+author: dansimp
+ms.date: 07/01/2018
+---
+# Rootkits
+
+Malware authors use rootkits to hide malware on your device, allowing malware to persist on your device as long as possible. A successful rootkit can potentially remain in place for years if it is undetected. During this time it will steal information and resources from your PC.
+
+## How rootkits work
+
+Rootkits intercepts and change standard operating system processes. After a rootkit infects a device, you can’t trust any information that device reports about itself.
+
+For example, if you were to ask your PC to list all of the programs that are running, the rootkit might stealthily remove any programs it doesn’t want you to know about. Rootkits are all about hiding things. They want to hide themselves on your PC, and they want to hide malicious activity on your PC.
+
+Many modern malware families use rootkits to try and avoid detection and removal, including:
+
+- [Alureon](http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Win32%2fAlureon)
+
+- [Sirefef](http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Win32%2fSirefef)
+
+- [Rustock](http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Win32%2fRustock)
+
+- [Sinowal](http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Win32%2fSinowal)
+
+- [Cutwail](http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Win32%2fCutwail)
+
+## How to protect against rootkits
+
+Like any other type of malware, the best way to avoid rootkits is to prevent it from being installed in the first place.
+
+- Update your software.
+
+- Use security software to protect your device. Windows Defender Antivirus is included with Windows 10 and provides real-time detection and removal of malware.
+
+- Be wary of suspicious websites and emails.
+
+### What if I think I have a rootkit on my PC?
+
+Microsoft security software includes a number of technologies designed specifically to remove rootkits. If you think you might have a rootkit on your PC, and your antimalware software isn’t detecting it, you might need an extra tool that lets you boot to a known trusted environment.
+In this case, use [Windows Defender Offline](http://windows.microsoft.com/windows/what-is-windows-defender-offline).
+Windows Defender Offline is a standalone tool that has the latest anti-malware updates from Microsoft. It’s designed to be used on PCs that aren't working correctly due to a possible malware infection.
+
+### What if I can’t remove a rootkit?
+
+If the problem persists, we strongly recommend that you reinstall your operating system and your security software. You should then restore your data from backup.

windows/security/intelligence/supply-chain-malware.md

@@ -0,0 +1,51 @@
+---
+title: Supply Chain
+description: Learn about how supply chain attacks work, deliver malware do your devices, and  what you can do to protect yourself
+keywords: security, malware
+ms.prod: w10
+ms.mktglfcycl: secure
+ms.sitesec: library
+ms.localizationpriority: medium
+ms.author: ellevin
+author: levinec
+ms.date: 07/13/2018
+---
+
+# Supply Chain
+
+Supply chain attacks are an emerging kind of threat that target software developers and suppliers. The goal is to access source codes, build processes, or update mechanisms by infecting legitimate apps to distribute malware.  
+
+## How supply chain attacks work
+
+Attackers hunt for unsecure network protocols, unprotected server infrastructures, and unsafe coding practices. They break in, change source codes, and hide malware in build and update processes.  
+
+Because software is built and released by trusted vendors, these apps and updates are signed and certified. In software supply chain attacks, vendors are likely unaware that their apps or updates are infected with malicious code when they’re released to the public. The malicious code then runs with the same trust and permissions as the app.  
+
+The number of potential victims is significant, given the popularity of some apps. A case occurred where a free file compression app was poisoned and deployed to customers in a country where it was the top utility app.
+
+## Types of Supply Chain Attacks
+
+* Compromised software building tools or updated infrastructure
+
+* Stolen code-sign certificates or signed malicious apps using the identity of dev company
+
+* Compromised specialized code shipped into hardware or firmware components
+
+* Pre-installed malware on devices (cameras, USB, phones, etc.)
+
+## How to protect against supply chain attacks
+
+* Deploy strong code integrity policies to allow only authorized apps to run.
+
+* Use endpoint detection and response solutions that can automatically detect and remediate suspicious activities.
+
+* For software vendors and developers, take steps to ensure your apps are not compromised.
+
+* Maintain a secure and up-to-date infrastructure. Restrict access to critical build systems.
+  * Immediately apply security patches for OS and software.
+
+  * Require multi-factor authentication for admins.
+
+* Build secure software update processes as part of the software development lifecycle.
+
+* Develop an incident response process for supply chain attacks.

windows/security/intelligence/support-scams.md

@@ -0,0 +1,527 @@
+---
+title: Tech Support Scams
+description: Learn about how supply chain attacks work, deliver malware do your devices, and  what you can do to protect yourself
+keywords: security, malware
+ms.prod: w10
+ms.mktglfcycl: secure
+ms.sitesec: library
+ms.localizationpriority: medium
+ms.author: ellevin
+author: levinec
+ms.date: 07/13/2018
+---
+# Tech support scams
+
+Tech support scams are an industry-wide issue where scammers use scare tactics to trick you into paying for unnecessary technical support services that supposedly fix contrived device, platform, or software problems.
+
+Scammers may call you directly on your phone and pretend to be representatives of a software company. They might even spoof the caller ID so that it displays a legitimate support phone number from a trusted company. They can then ask you to install applications that give them remote access to your device. Using remote access, these experienced scammers can misrepresent normal system output as signs of problems.
+
+Scammers might also initiate contact by displaying fake error messages on websites you visit, displaying support numbers and enticing you to call. They can also put your browser on full screen and display pop-up messages that won't go away, essentially locking your browser. These fake error messages aim to trick you into calling an indicated technical support hotline. Note that Microsoft error and warning messages never include phone numbers.
+
+When you engage with the scammers, they can offer fake solutions for your “problems” and ask for payment in the form of a one-time fee or subscription to a purported support service.
+
+Get the latest news on tech support scams:
+
+* FBI: [Public Service Announcement on Tech Support Fraud](https://www.ic3.gov/media/2018/180328.aspx)
+
+* FTC: [FTC to Provide Refunds to Victims of Tech Support Scam](https://www.ftc.gov/news-events/press-releases/2018/01/ftc-provide-refunds-victims-tech-support-scam)
+
+* Microsoft: [Teaming up in the war on tech support scams](https://cloudblogs.microsoft.com/microsoftsecure/2018/04/20/teaming-up-in-the-war-on-tech-support-scams/)
+
+* Washington State AG: [AG’s lawsuit shuts down tech support scammer iYogi](http://www.atg.wa.gov/news/news-releases/ag-s-lawsuit-shuts-down-tech-support-scammer-iyogi)
+
+## How to protect yourself from tech support scams
+
+* If you receive an unsolicited email message or phone call that claims to be from Microsoft or another company asking that you to send personal information or click links, either hang up the phone or ignore or report the email.
+
+    **Microsoft does not send unsolicited email messages or make unsolicited phone calls to request personal or financial information, or to fix your computer.**
+
+* Unless you are absolutely sure you can trust the caller or the sender, do not share personal information, click links, or install applications when requested.
+
+    **Any communication Microsoft has with you must be initiated by you.**
+
+* Download software only from official vendor websites or the Microsoft Store. Be wary of downloading software from third-party sites, as some of them might have been modified without the author’s knowledge to bundle support scam malware and other threats.
+
+* Use [Microsoft Edge](https://www.microsoft.com/windows/microsoft-edge) when browsing the Internet. It blocks known support scam sites using Windows Defender SmartScreen (which is also used by Internet Explorer). Furthermore, Microsoft Edge can stop pop-up dialogue loops used by these sites.
+
+    **Don’t call the number in the pop-ups. Microsoft’s error and warning messages never include a phone number.**
+
+* Enable Windows Defender Antivirus on Windows 10. It detects and removes known support scam malware.
+
+## What to do if you already gave information to a tech support person 
+
+* If you have already engaged and paid for fake support: 
+
+* Uninstall applications that scammers have asked you to install. If you have given scammers access, consider resetting your PC.
+
+* Run a full scan with Windows Defender Antivirus to remove any malware. Apply all security updates as soon as they are available.
+
+* Change your passwords.
+
+* Call your credit card provider to reverse the charges, if you have already paid.
+
+* Monitor anomalous logon activity. Use Windows Defender Firewall to block traffic to services that you would not normally access.
+
+## Reporting tech support scams
+
+Help Microsoft stop scammers, whether they claim to be from Microsoft or from another tech company, by reporting tech support scams: 
+
+**www.microsoft.com/reportascam**
+
+You can also report any **unsafe website** that you suspect is a phishing website or contains malicious content directly to Microsoft by filling out a [Report an unsafe site form](https://www.microsoft.com/en-us/wdsi/support/report-unsafe-site) or using built in web browser functionaliry.
+
+* Microsoft Edge: If you encounter a suspicious site, click **More [...] > Send feedback**
+
+* On Internet Explorer: Click the gear icon, point to **Safety**, and then click **Report unsafe website**.
+
+Microsoft’s Digital Crimes Unit uses customer reports to investigate, take action against criminals, and make referrals to law enforcement when appropriate.
+
+### Government reporting
+
+You can contact your local government scam reporting department, such as the following:
+
+* In the United States, you can report tech support scams with the [Internet Crime Complaint Center (IC3)](https://www.ic3.gov/) or use the [FTC Complaint Assistant form](https://www.ftccomplaintassistant.gov/).
+
+* In Canada, the [Canadian Anti-Fraud Centre](http://www.antifraudcentre-centreantifraude.ca/) can provide support.
+
+* In the United Kingdom, you can report [fraud](https://www.actionfraud.police.uk/) as well as [unsolicited calls](https://www.tpsonline.org.uk/tps/).
+
+* In Australia, you can use the [ScamWatch](https://www.scamwatch.gov.au/report-a-scam) website to report a scam.
+
+### Get help
+
+When you receive a phone call or see a pop-up window on your PC and feel uncertain whether it is from someone at Microsoft, don’t take the risk. Reach out directly to one of our technical support experts dedicated to helping you at the [Microsoft Answer Desk](https://support.microsoft.com/contactus/).
+
+## Popular scam types
+
+There are several forms of tech support scams, all of which aim to trick you into believing that your computer needs to be fixed and you need to pay for technical support services.
+
+### Phone scams
+
+In this type of scam, scammers call you and claim to be from the tech support team of Microsoft or other vendors. They then offer to help solve your computer problems.
+
+Scammers often use publicly available phone directories, so they might know your name and other personal information when they call you. They might even guess what operating system you're using.
+
+Once they've gained your trust, they might ask for your user name and password or ask you to go to a legitimate website to install software that will let them access your computer to fix it. If you install the software and provide credentials, your computer and your personal information are vulnerable.
+
+Although law enforcement can trace phone numbers, perpetrators often use pay phones, disposable cellular phones, or stolen cellular phone numbers. Treat all unsolicited phone calls with skepticism. Do not provide any personal information.
+
+**If you receive an unsolicited call from someone claiming to be from Microsoft Support, hang up. We do not make these kinds of calls.**
+
+For further information, watch this video on staying safe from call scams:
+
+<a href="https://www.youtube.com/watch?feature=player_embedded&v=IzYk-y-0raE" target="_blank"><img src="https://img.youtube.com/vi/IzYk-y-0raE/0.jpg" 
+alt="staying safe from call scams" width="240" height="180" border="10" /></a>
+
+### Web scams
+
+Tech support scam websites make you believe that you have a problem with your PC. You may be redirected to these websites automatically by malicious ads found in dubious sites, such as download locations for fake installers and pirated media.
+
+These websites can use any of the following tactics to convince you that there is a problem with your PC that needs fixing:
+
+* A fake blue screen error
+
+* A fake Windows activation dialog box
+
+* Various fake system errors
+
+* Supposed malware infection or malicious activity
+
+They can also use the following techniques to further make their claim believable:
+
+* Put the image or your browser on full screen, making the error appear as though it’s coming from Windows instead of the web page
+
+* Disable Task Manager
+
+* Continuously display pop-up windows
+
+* Play audio message
+
+All these techniques are meant to persuade you to call the specified tech support number. In contrast, the real error messages on Windows 10 don’t ask you to call a tech support number.
+
+For further information, watch this video on staying safe from web browser scams:
+
+<a href="https://www.youtube.com/watch?feature=player_embedded&v=CLh0c3WpcPo" target="_blank"><img src="https://img.youtube.com/vi/CLh0c3WpcPo/0.jpg" 
+alt="staying safe from web browser scams" width="240" height="180" border="10" /></a>
+
+### Other forms of support scams
+
+Some tech support scams may also come in the form of malware. When run, these malware may display fake error notifications about your computer or software, similar to tech support scam websites. However, because they are programs that are installed on your computer, scammers will likely use them to perform other malicious actions, such as steal data or install other malware.
+
+Scammers may also use other ways to reach you, such as email or chat. These email or chat messages may resemble phishing emails; however, instead of pointing to phishing sites designed to steal credentials, the links lead to tech support scam websites.
+
+For further information, watch this video on staying safe from web browser scams:
+
+<a href="https://www.youtube.com/watch?feature=player_embedded&v=amkejUbjpuo" target="_blank"><img src="https://img.youtube.com/vi/amkejUbjpuo/0.jpg" 
+alt="staying safe from web browser scams" width="240" height="180" border="10" /></a>
+
+## Known tech support scam phone numbers
+
+|||||||
+|---|---|---|---|---|---|
+11480248 | 12807848| 20090123| 20160303| 23965524| 34881800|
+34900868|	50580177|	81143615|	82888323|	84480184|	84480189|
+87407257|	87409694|	98862886|	176363501|	176363506|	176391769|
+182886068|	182886069|	182888275|	184883029|	184886445|	184887053|
+186266214|	186266232|	186269998|	186650003|	186650010|	186653930|
+345400907|	345793757|	345795825|	345798383|	345798390|	383758531|
+383758532|	406688973|	720231278|	800904638|	800919811|	805081097|
+815880322|	824689029|	857880151|	900423469|	900838103|	900838948|
+900839155|	900861783|	900868512|	900868596|	970736352|	970736358|
+970736361|	1234567567|	1300417412|	1510072932|	1510159041|	1510160969|
+1510245655|	2080683410|	2080687448|	2147483646|	3215480175|	3225881811|
+3228083298|	3228084953|	3238084406|	3238084491|	3253280459|	3263680469|
+3263680484|	3263680580|	3284480189|	3284480200|	3726682442|	3728803282|
+3728803283|	3728807869|	8000148581|	8000418255|	8000465047|	8000465243|
+8000465255|	8000465275|	8000465299|	8000868271|	8006370838|	8081011552|
+8081017544|	8081644738|	8081648928|	8772565767|	18002013517|	18003161942|
+18009568510|	18022255900|	18442155229|	18442296999|	18443189400|	18443263137|
+18446138256|	18447935916|	18448559343|	18448746222|	18552033941|	18552054077|
+18552054170|	18556221162|	18559993678|	18669954293|	18772012439|	18772124133|
+18772212910|	18772234815|	18772236199|	18772948866|	18777990627|	18882028995|
+18882047932|	18882061755|	18882093323|	18882109250|	18882158523|	18882193660|
+18882248590|	18882261173|	18883084902|	18883084903|	18883084972|	18883085694|
+18883086064|	18883088671|	18883100334|	18883100770|	18883107656|	18886070666|
+33176363169|	33176542702|	33186269672|	33186269674|	33186650127|	33186650134|
+33970736256|	33970736257|	33970736272|	33970736288|	33970736321|	33970736336|
+33974591199|	33975181600|	34918299733|	41265880437|	41265880485|	41325800376|
+41435089246|	41565880326|	41565880362|	41565880413|	41565880500|	46101388408|
+46472690807|	46472690837|	46775868165|	48838881236|	61894683528|	64800453791|
+79063411189|	79063446907|	79600569468|	79608268467|	79608290750|	79610485439|
+79626057542|	79626057552|	79626057581|	79626057590|	79626059060|	79626059063|
+79626059067|	79626059071|	79649583861|	79649813542|	79653906770|	79656518090|
+79659167620|	79672278895|	79676190358|	79676190359|	79676190363|	79677229508|
+79677229535|	79677229540|	79677263582|	79677280316|	79677280434|	79677280561|
+79677281060|	79677281254|	79677281512|	79686616290|	79688632614|	81345902886|
+358753252532|	390409720840|	390426270222|	390694808816|	390999440082|	400092598858|
+400093694953|	400093887737|	400094295903|	400094878629|	441630740007|	441722446140|
+442031293867|	448081648928|	459438276035|	498007238485|	611800431429|	3901731920150|
+3901731920173|	6901443158195|	(0)2070220828|	(013)02238060|	(013)42590058|	(02)61891708|
+(02)80164703|	(02)80164716|	(02)80164756|	(02)80172671|	(02)80172685|	(02)85994345|
+(03)43092501|	(03)57243978|	(03)85666148|	(03)85927365|	(03)86575022|	(03)86575029|
+(03)86575037|	(03)86575058|	(03)86575059|	(03)86575060|	(03)86575067|	(03)86575087|
+(03)86575132|	(03)86575174|	(03)86575185|	(03)86575189|	(03)86575197|	(03)86575202|
+(03)86575207|	(03)86575212|	(03)86575219|	(03)86575220|	(03)86575227|	(03)86575233|
+(03)86575236|	(03)86575244|	(03)86575246|	(03)86575250|	(03)86575251|	(03)86575252|
+(03)86575253|	(03)86575254|	(03)86575259|	(03)86575266|	(03)86575274|	(03)86575279|
+(03)86575282|	(03)8657-5321|	(03)86575462|	(03)86575481|	(03)86575485|	(03)86578564|
+(030)30807257|	(040)87407257|	(040)87408505|	(050)-5865-3083|	(06)-9480-0946|	(07)30538387|
+(07)30627228|	(07)30627243|	(07)3062-7243|	(07)31063353|	(07)31886052|	(07)42299559|
+(07)55515928|	(07)55596520|	(08)62440898|	(08)62441208|	(08)62441245|	(08)79137259|
+(08)79137276|	(08)79137290|	(08)81204457|	(08)81666920|	(08)81666934|	(08)81666937|
+(08)81666955|	(1-833-870-9055|	(20)888-6480|	(2845385|	(32)025881811|	(32)063680584|
+(32)25888838|	(33)0176363336|	(43)215-5911|	(45)89874331|	(46)844686279|	(646)1234567|
+(65)31638569|	(6901443158195|	(800)-257-6159|	(800)795-3272|	(833)332-3666|	(833)332-3999|
+(833)801-6989|	(833)802-8800|	(844)200-3935|	(844)200-3946|	(844)-325-0270|	(844)378-0666|
+(844)393-0450|	(844)393-0484|	(844)393-0486|	(844)393-0493|	(844)-431-5897|	(844)441-3440|
+(844)-584-7375|	(844)676-8550|	(844)-731-1261|	(844)-760-4122|	(844)793-5916|	(844)793-5936|
+(844)869-5777|	(844)966-5100|	(855)-205-9531|	(855)209-6074|	(855)214-7894|	(855)-225-7708|
+(855)-225-8066|	(855)231-0539|	(855)-239-2183|	(855)-241-3845|	(855)241-4667|	(855)-250-8770|
+(855)-257-7114|	(855)-266-4554|	(855)266-4741|	(855)266-4742|	(855)278-4738|	(855)294-1712|
+(855)294-1825|	(855)-297-7165|	(855)-322-7973|	(855)340-7428|	(855)-351-1668|	(855)-355-5293|
+(855)-356-7202|	(855)-356-7339|	(855)-369-2906|	(855)391-2888|	(855)405-7100|	(855)445-9027|
+(855)-447-0411|	(855)-533-5796|	(855)550-2111|	(855)622-1162|	(855)624-0140|	(855)624-0227|
+(855)624-7391|	(855)625-1554|	(855)625-1567|	(855)-649-8770|	(855)-656-6781|	(855)656-6786|
+(855)-700-0815|	(855)739-7816|	(855)-739-7820|	(855)-740-4839|	(855)-744-7535|	(855)862-0306|
+(855)-889-3085|	(855)894-7489|	(866)201-6421|	(866)201-6980|	(866)203-7969|	(866)203-9002|
+(866)-230-0166|	(866)-242-4511|	(866)245-3153|	(866)246-4756|	(866)-246-4836|	(866)-258-1972|
+(866)-260-0177|	(866)-273-6495|	(866)281-2116|	(866)-285-2709|	(866)288-2359|	(866)-290-5160|
+(866)-291-8355|	(866)-298-7189|	(866)298-8191|	(866)-298-8192|	(866)304-3926|	(866)307-4818|
+(866)-309-5567|	(866)315-0847|	(866)332-5687|	(866)-338-7789|	(866)-350-2508|	(866)366-2406|
+(866)-368-2412|	(866)374-5877|	(866)-383-9914|	(866)-383-9915|	(866)402-1473|	(866)412-0891|
+(866)423-0059|	(866)423-0063|	(866)-423-1070|	(866)424-8189|	(866)-424-8267|	(866)-428-8273|
+(866)-433-0787|	(866)-433-0852|	(866)-446-2164|	(866)446-2174|	(866)455-9175|	(866)455-9333|
+(866)-461-1815|	(866)-465-8228|	(866)-472-8834|	(866)475-7161|	(866)475-9024|	(866)-491-1840|
+(866)491-1851|	(866)528-4708|	(866)-537-8476|	(866)-537-8543|	(866)564-0080|	(866)-564-0233|
+(866)644-1220|	(866)-664-7153|	(866)664-7178|	(866)-671-2859|	(866)-671-2872|	(866)-745-9470|
+(866)-745-9526|	(866)-799-3813|	(866)-804-9341|	(866)-809-9055|	(866)-811-5991|	(866)-811-5999|
+(866)811-6155|	(866)-847-7752|	(866)-847-7753|	(866)-853-5456|	(866)-853-5502|	(866)-877-0206|
+(866)-877-9859|	(866)888-0929|	(866)-897-2725|	(877)205-4993|	(877)-207-1433|	(877)211-6638|
+(877)-211-6638|	(877)217-6241|	(877)219-6084|	(877)-219-6439|	(877)226-0927|	(877)-236-1653|
+(877)-245-8680|	(877)-248-6220|	(877)-249-0169|	(877)249-0473|	(877)-257-5169|	(877)265-0722|
+(877)384-3140|	(877)-390-9713|	(877)-393-8186|	(877)394-4325|	(877)-394-4493|	(877)410-1782|
+(877)-433-3057|	(877)-507-9671|	(877)520-4840|	(877)582-0878|	(877)636-0404|	(877)-678-1575|
+(877)-679-5793|	(877)855-3653|	(877)-855-3653|	(877)855-3656|	(877)-856-4665|	(877)856-4874|
+(877)870-1153|	(877)-873-3392|	(877)932-2471|	(888)206-1755|	(888)215-8523|	(888)-216-2759|
+(888)-218-0528|	(888)-223-4021|	(888)241-1223|	(888)2444556|	(888)248-8302|	(888)271-9836|
+(888)2839922|	(888)283-9922|	(888)289-1009|	(888)-308-4985|	(888)-319-2624|	(888)-453-1072|
+(888)-453-1525|	(888)466-6309|	(888)-501-9477|	(888)503-2516|	(888)503-3820|	(888)-563-5301|
+(888)623-3295|	(888)-649-3908|	(888)-649-9652|	(888)660-1761|	(888)694-2168|	(888)694-2197|
+(888)-761-9452|	(888)-799-5199|	(888)810-5341|	(888)810-8342|	(888)811-4180|	(888)829-5571|
+(888)829-5736|	(888)-829-5799|	(888)-835-3145|	(888)-857-7032|	(888)-858-8266|	(888)-858-8361|
+(888)858-8437|	(888)869-4769|	(888)886-8732|	(888)-892-6972|	(888)894-5790|	(888)992-3346|
+001-800-291-7514|	001-800-337-6075|	001-800-741-0438|	001-800-862-3971|	001-833-248-5444|	001-833-248-5777|
+001-844-217-3666|	001-844-416-0999|	001-844-416-1777|	001-844-416-3555|	001-844-441-4490|	001-855-220-5679|
+001-855-340-0999|	001-855-371-9444|	001-855-382-4333|	001-855-433-1222|	001-855-433-1666|	001-855-433-5111|
+001-888-334-1444|	001-888-549-8666|	001-888-578-9666|	001-888-696-0666|	001-888-711-6011|	01-013-894-74|
+010-8080688|	010-8080698|	01-088-482-93|	01-513-6657|	01-586-613-14|	0-161-660-4291|
+0-161-660-8204|	01-617918571|	01-70-71-29-83|	01-70-71-29-85|	01-70-72-08-31|	01-70-75-40-58|
+01-76-34-05-40|	01-76-34-05-42|	01-76-34-05-43|	01-76-34-05-47|	01-76-34-05-48|	0176-350-282|
+01-76-35-02-82|	0-176-350-282|	01-76-35-02-86|	01-76-38-04-17|	01-76-39-05-48|	01-76-42-02-52|
+01-76-44-01-87|	01-76-44-03-79|	01-76-54-26-50|	01-76-54-26-55|	01-76-54-27-02|	01-76-54-27-37|
+01-76-75-32-49|	01-78-42-94-73|	01-82-88-82-58|	01-82-88-82-68|	01-82-88-82-69|	01-82-88-82-80|
+01-82-88-82-88|	01-82-88-83-09|	0-182-888-313|	01-82-88-83-23|	01-82-88-83-28|	01-82-88-83-34|
+01-82-88-83-50|	01-82-88-83-55|	01-82-88-83-64|	01-82-88-83-85|	01-82-88-84-15|	01-82-88-84-18|
+01-82-88-84-33|	01-82-88-85-17|	01-82-88-89-29|	01-82-88-89-30|	01-84-88-00-78|	01-84-88-46-81|
+01-84-88-64-48|	01-84-88-70-53|	01-86-26-01-80|	01-86-26-22-91|	01-86-26-23-76|	01-86-26-42-69|
+01-86-26-47-64|	01-86-26-47-68|	01-86-26-51-73|	01-86-26-51-85|	01-86-26-52-13|	0186266214|
+0186266232|	01-86-26-99-87|	0186650003|	0186650010|	01-86-65-01-04|	01-86-65-01-12|
+01-86-65-01-25|	01-86-65-19-63|	01-90-38-86-6|	0-199-346-0018|	020-3514-9444|	0-203-868-2233|
+0208-068-3410|	0208-133-6658|	02-8017-2666|	0-28-08-44-42|	02-831-09124|	02-83176354|
+030-30807257|	032-221095548|	03-4578-9419|	0345795825|	0345-795-825|	0345798390|
+0345-798-390|	03-4580-9710|	03-4589-4823|	03-4589-4826|	03-4590-2887|	03-4590-2890|
+03-52929333|	0383758532|	03-86575028|	03-86575082|	03-86575137|	03-86575205|
+03-86575225|	03-86575233|	03-86575236|	03-86575244|	03-86575255|	03-86575259|
+03-86575441|	03-86575492|	040-87407257|	0-408-740-8503|	0-408-740-9127|	050-5865-3083|
+06-9480-0911|	0694808661|	0694-808-661|	0694808798|	0694-808-798|	07-30677862|
+07-55515928|	076-888-8369|	076-888-8645|	0-800-014-8165|	0-800-014-8580|	0-800-041-8236|
+0-800-041-8255|	0-800-041-8266|	0-800-046-5034|	0-800-046-5039|	0-800-046-5059|	0-800-046-5067|
+0-800-046-5088|	0-800-046-5208|	0-800-046-5230|	0-800-046-5240|	0-800-046-5257|	0-800-046-5264|
+0-800-046-5266|	0-800-046-5275|	0-800-046-5705|	0-800-046-5727|	0-800-069-8038|	0800-086-9887|
+0800-086-9891|	0800-086-9895|	0800-086-9897|	0800-086-9957|	0-800-086-9957|	0800-086-9967|
+0-800-088-5368|	0-800-090-3247|	0-800-090-3813|	0-800-090-3815|	0-800-090-3834|	0-800-090-3869|
+0-800-090-3876|	0-800-090-3931|	0-800-090-3961|	0-800-098-8251|	0-800-098-8427|	0-800-133-7582|
+0-800-181-2377|	0800-183-3316|	0-800-183-8114|	0800-183-8200|	0-800-189-0355|	0800-368-8157|
+0-800-368-8920|	0-800-723-4924|	0-800-724-3871|	0800904638|	0-800-910-990|	0800919811|
+0800-919-811|	0-800-919-811|	0-805-081-394|	08-05-08-66-15|	0-808-164-4743|	0808-189-4081|
+085-208-4376|	085-208-5236|	085-208-5308|	08-62440898|	08-81666928|	08-81666971|
+08-93742253|	09-424-112-54|	0970736361|	09-74-59-53-39|	09-75-18-92-61|	09-887-9731|
+1-300-596-394|	1-300-596-397|	1-300-596-398|	1-562-926-5672|	1-646-751-8006|	1-704-467-8894|
+1-800-201-3517|	1-800-208-4060|	1-800-208-4060-|	1-800-209-1664|	1-800-214-7440|	1-800-218-8813|
+1-800-219-713|	1800-230-6165|	1-800-230-6593|	1-800234567|	1-800-236-1513|	1-800-239-102|
+1-800-253-8598|	1-800-265-80|	1-800-273-5970|	1-800-278-4266|	1-800-281-6897|	1-800-281-97|
+1-800-284-7304|	1-800-285-1641|	1-800-285-6111|	1-800-290-6829|	1-800-291-4481|	1-800-291-7514|
+1-800-292-1174|	1-800-297-6859|	1-800-309-1126|	1-800-309-1126-|	1-800-311-5914|	1-800-316-1942|
+1-800-318-4284|	1-800-351-8467|	1-800-353-2506|	1-800-363-5019|	1-800-380-1734|	1-800-381-2059|
+1-800-381-9788|	1-800-431-255|	1800-431-283|	1-800-431-357|	1800-431-362|	1-800-431-362|
+1-800-431-367|	1-800-431-368|	1-800-431-377|	1-800-431-395|	1800-431-452|	1-800-431-453|
+1-800-431-492|	1-800-445-2620|	1-800-446-1359|	1-800-446-9531|	1-800-469-1480|	1-800-473-7579|
+1-800-523-8091|	1-800-556-3984|	1-800-558-9204|	1800-569-0786|	1-800-569-0786|	1-800-573-3082|
+1800-581-607|	1-800-586-7035|	1800-590-5371|	1-800-602-312|	1-800-617-3364|	1-800-625-1264|
+1-800-625-1446|	1-800-627-1612|	1-800-630-3153|	1-800-634-1162|	1-800-640-3506|	1-800-646-0717|
+1-800-646-717|	1-800-651-1445|	1-800-651-5036|	1-800-653-1183|	1-800-658-2836|	1-800-658-8214|
+1-800-678-9143|	1800-681-591|	1-800-683-9049|	1-800-683-9841|	1-800-696-4076|	1-800-718-1917|
+1-800-729-1951|	1-800-737-0675|	1-800-741-658|	1800-745-9386|	1-800-774-1799|	1-800-775-452|
+1-800-813-1316|	1-800-826-5638|	1-800-838-2529|	1-800-850-6759|	1-800-861-585|	1-800-862-3971|
+1-800-865-9812|	1-800-874-935|	1-800-876-0491|	1-800-876-491|	1-800-905-6904|	1-800-917-9647|
+1-800-928-2104|	1-800-933-9950|	1-800-942-1460|	1800-949-31|	1-800-952-984|	1-800-953-925|
+1-800-954-274|	1800-954-357|	1-800-954-357|	1800-956-8510|	1-800-962-1569|	1-800-969-507|
+1-800-983-145|	1-800-985-5120|	1-800-986-9304|	1-805-203-8843|	1-806-414-1834|	1-810-292-797|
+1-814-753-1577|	1817-237-9401|	1-818-358-8718|	1-833-224-8222|	1-833-248-4555|	1-833-300-5666|
+1-833-334-8999|	1-833-335-1333|	1-833-336-8633|	1-833-337-6555|	1-833-337-666|	1-833-339-7733|
+1-833-399-999|	1-833-414-5500|	1833-414-6600|	1-833-414-6600|	1-833-414-8800|	1833-425-7961|
+1-833-432-7770|	1-833-543-8896|	1-833-661-1933|	1-833-677-5449|	1-833-698-8563|	1-833-706-4400|
+1-833-706-8800|	1-833-776-8324|	1-833-783-7700|	1-833-802-2200|	1-833-863-6600|	1-833-870-9054|
+1-833-870-9055|	1833-990-7999|	1-833-995-1999|	1-844-200-159|	1-844-200-1625|	1-844-200-1653|
+1-844-200-1712|	1-844-200-1713|	1-844-200-1716|	1-844-200-1751|	1-844-200-1859|	1-844-200-1890|
+1-844-200-2560|	1-844-200-2574|	1-844-200-2578|	1-844-200-2629|	1-844-200-2650|	1-844-200-2861|
+1-844-200-2870|	1-844-200-4074|	1-844-200-4091|	1-844-200-4098|	1-844-200-4099|	1-844-200-4116|
+1-844-200-4203|	1-844-200-4243|	1-844-200-4246|	1-844-200-4249|	1-844-200-4323|	1-844-200-4379|
+1-844-200-4473|	1-844-200-4474|	1-844-200-4485|	1-844-200-4486|	1-844-204-9149|	1-844-210-6004|
+1-844-212-8344|	1-844-215-5229|	1-844-216-3222|	1-844-219-9266|	1-844-229-6999|	1-844-237-2411|
+1-844-237-2411-|	1-844-238-9924|	1-844-239-5999|	1-844-240-732|	1-844-241-5999|	1-844-241-7912|
+1-844-246-0222|	1-844-248-2909|	1-844-252-6111|	1-844-255-7017|	1-844-258-4222|	1-844-260-7876|
+1-844-261-8596|	1-844-264-6777|	1-844-265-1895|	1-844-266-6763|	1-844-284-8333|	1-844-284-8623|
+1-844-287-1056|	1-844-292-4928|	1-844-301-371|	1-844-305-5027|	1-844-307-1823|	1-844-307-1915|
+1-844-307-3666|	1-844-307-3760|	1-844-311-9589|	1-844-312-7438|	1-844-313-2246|	1-844-313-2994|
+1-844-313-6006|	1-844-313-6996|	1-844-313-7003|	1-844-313-9169|	1-844-313-9175|	1-844-314-758|
+1-844-318-9400|	1-844-324-2398|	1-844-324-6235|	1-844-326-3137|	1-844-328-3777|	1-844-347-5040|
+1-844-347-8024|	1-844-350-4289|	1-844-352-9401|	1-844-363-5005|	1-844-364-3797|	1-844-366-5999|
+1-844-370-2707|	1-844-371-8869|	1-844-372-887|	1-844-378-6561|	1-844-378-6777|	1-844-378-6888|
+1-844-378-9888|	1-844-386-1464|	1-844-392-7021|	1-844-399-9041|	1-844-400-9542|	1-844-410-800|
+1-844-410-804|	1-844-410-806|	1-844-411-4922|	1-844-416-2777|	1844-416-3444|	1-844-416-3444|
+1-844-421-5040|	1-844-421-5044|	1-844-421-5818|	1-844-422-5281|	1-844-428-3630|	1-844-431-5897|
+1-844-433-1244|	1-844-433-2012|	1-844-438-289|	1-844-440-1440|	1-844-441-1440|	1-844-441-3440|
+1-844-442-6444|	1-844-443-9444|	1-844-445-0440|	1-844-446-245|	1-844-448-9577|	1-844-450-732|
+1-844-450-735|	1-844-454-7212|	1-844-455-5516|	1-844-456-2535|	1-844-470-9939|	1-844-473-5341|
+1-844-488-0601|	1-844-488-601|	1-844-488-7669|	1-844-489-4777|	1-844-489-6111|	1-844-505-786|
+1-844-506-2833|	1-844-525-6428|	1-844-529-3725|	1-844-536-9249|	1-844-538-2676|	1-844-539-5778|
+1-844-539-5784|	1-844-542-4107|	1-844-543-6206|	1-844-545-8489|	1-844-551-8975|	1-844-554-2335|
+1844-554-2336|	1-844-554-2336|	1-844-556-2898|	1-844-556-7758|	1-844-558-1757|	1-844-568-2986|
+1-844-573-4082|	1-844-577-2888|	1-844-585-1394|	1-844-587-7642|	1-844-587-7643|	1-844-592-141|
+1-844-594-0202|	1-844-594-202|	1-844-598-3874|	1-844-599-9699|	1-844-608-8791|	1-844-609-9925|
+1-844-610-4969|	1-844-612-7496|	1-844-613-8256|	1-844-613-8256-|	1-844-616-4636|	1-844-621-9192|
+1-844-622-9881|	1-844-631-9229|	1-844-634-3273|	1-844-646-761|	1-844-647-2674|	1-844-647-9749|
+1-844-649-8047|	1-844-651-2555|	1-844-651-5157|	1-844-652-9239|	1-844-653-8666|	1-844-656-1695|
+1-844-656-7657|	1844-662-9666|	1-844-662-9666|	1-844-665-6697|	1-844-665-6888|	1-844-665-7222|
+1-844-666-6856|	1-844-670-2132|	1-844-671-9133|	1-844-672-9621|	1-844-675-2565|	1-844-675-8730|
+1-844-678-7861|	1-844-692-3232|	1-844-693-9511|	1-844-694-2302|	1-844-699-8351|	1-844-700-139|
+1-844-703-1130|	1-844-712-8372|	1-844-712-8372-|	1-844-715-0111|	1-844-715-111|	1-844-719-6112|
+1-844-719-6135|	1-844-719-6166|	1-844-724-6592|	1-844-726-5418|	1-844-730-7111|	1-844-733-5424|
+1-844-734-4622|	1-844-739-2013|	1-844-741-8241|	1-844-743-6449|	1-844-744-6889|	1-844-750-6258|
+1-844-755-0510|	1-844-758-4880|	1-844-758-6851|	1-844-758-6854|	1-844-761-8172|	1-844-767-8232|
+1-844-772-2439|	1-844-774-8432|	1-844-775-6410|	1-844-775-8407|	1-844-778-9178|	1-844-778-9179|
+1-844-778-9180|	1-844-778-9182|	1-844-779-3057|	1-844-779-444|	1-844-779-7006|	1844-781-9888|
+1-844-781-9888|	1-844-786-8920|	1-844-788-4217|	1-844-789-1031|	1-844-791-1072|	1-844-791-1319|
+1-844-792-2887|	1-844-792-2898|	1-844-793-5488|	1-844-795-9598|	1-844-798-3802|	1-844-800-2016|
+1-844-800-3651|	1-844-800-6834|	1-844-800-6856|	1-844-801-5941|	1-844-804-2259|	1-844-805-0111|
+1-844-806-4353|	1-844-807-3444|	1-844-807-4555|	1844-807-8358|	1-844-807-8358|	1-844-807-8535|
+1-844-810-2392|	1-844-810-6590|	1-844-811-1823|	1-844-811-606|	1-844-816-231|	1-844-816-232|
+1-844-816-7270|	1-844-819-6285|	1-844-820-4849|	1-844-822-8676|	1-844-828-9509|	1-844-829-3685|
+1-844-829-5569|	1-844-830-777|	1-844-831-5994|	1-844-831-6839|	1-844-831-6841|	1-844-832-860|
+1-844-835-5063|	1-844-843-5125|	1-844-850-3475|	1-844-850-7794|	1-844-850-8524|	1-844-851-4685|
+1-844-854-1116|	1-844-855-9343|	1-844-858-5267|	1-844-858-5647|	1-844-861-7753|	1-844-861-7768|
+1-844-862-6657|	1-844-862-6662|	1-844-866-1208|	1-844-866-408|	1-844-867-2500|	-1-844-867-2500|
+1-844-869-7593|	1-844-869-8466|	1-844-870-4511|	1-844-871-6370|	1-844-872-1286|	1-844-872-1555|
+1-844-872-1666|	1-844-873-1596|	1-844-874-3456|	1-844-874-6222|	1-844-877-9492|	1-844-879-8755|
+1-844-879-8755-|	1-844-880-8540|	1-844-882-1972|	1-844-882-29|	1-844-883-9715|	1-844-885-1444|
+1-844-888-6250|	1-844-890-6983|	1-844-890-8837|	1-844-890-8967|	1-844-891-1033|	1-844-891-1947|
+1-844-891-4879|	1-844-891-4883|	1-844-894-8333|	1-844-895-3281|	1-844-895-393|	1-844-898-7540|
+1-844-991-447|	1845-203-3355|	1-845-205-9081|	1-845-233-6465|	1-845-237-5335|	1-845-237-5345|
+1-850-583-3302|	1-855-200-6789|	1-855-203-6745|	1-855-205-3429|	1-855-205-4077|	1-855-221-8666|
+1855-228-920|	1-855-231-9571|	1-855-235-0666|	1-855-236-8489|	1-855-238-777|	1-855-245-888|
+1-855-246-8689|	1-855-256-4555|	1-855-261-444|	1-855-269-5777|	1-855-278-5777|	1-855-287-5222|
+1-855-297-8444|	1-855-297-9777|	1-855-302-8333|	1-855-307-6690|	1-855-307-6690-|	1-855-307-6697|
+1-855-325-1775|	1-855-336-7111|	1-855-340-999|	1-855-341-3936|	1-855-351-1669|	1-855-372-2604|
+1-855-372-4111|	1-855-374-9888|	1-855-382-4333|	1-855-389-2999|	1-855-389-4333|	1-855-390-1666|
+1-855-391-2888|	1-855-393-4537|	1-855-400-5988|	1-855-407-4888|	1-855-411-7333|	1-855-428-2297|
+1-855-433-5111|	1-855-441-0222|	1-855-441-7442|	1-855-441-7646|	1-855-442-4430|	1-855-483-6922|
+1-855-490-1999|	1-855-490-3222|	1-855-501-3222|	1-855-511-8200|	1-855-534-8622|	1-855-550-3155|
+1-855-558-6111|	1-855-581-6200|	1-855-622-7910|	1-855-633-1666|	1-855-634-7222|	1855-640-666|
+1-855-640-666|	1-855-654-999|	1-855-676-6410|	1-855-687-3444|	1-855-687-6111|	1-855-687-8444|
+1-855-689-8237|	1-855-697-5333|	1-855-707-865|	1-855-718-9786|	1-855-722-6773|	1-855-755-0999|
+1-855-762-5222|	1-855-786-3898|	1-855-844-199|	1-855-844-8599|	1-855-861-9885|	1-855-883-8484|
+1-855-937-4376|	1-855-955-2511|	1-858-251-4120|	1858-386-79|	1-866-202-1086|	1-866-205-9205|
+1-866-207-1988|	1-866-212-2077|	1-866-213-4608|	1-866-214-5075|	1-866-214-8746|	1-866-215-1667|
+1-866-215-3122|	1-866-216-9450|	1-866-216-9557|	1-866-217-1114|	1-866-217-246|	1-866-217-365|
+1-866-217-5161|	1-866-217-5708|	1-866-217-8834|	1-866-217-8835|	1-866-217-9773|	1-866-218-1569|
+1-866-218-1647|	1-866-218-1667|	1-866-218-3112|	1-866-218-3116|	1-866-218-3879|	1-866-245-4827|
+1-866-249-7329|	1-866-278-2125|	1-866-279-9569|	1-866-281-2116|	1-866-296-7071|	1-866-312-4799|
+1-866-314-6015|	1-866-315-1620|	1-866-333-3971|	1-866-338-7786|	1-866-339-1004|	1-866-343-8297|
+1866-370-410|	1-866-383-114|	1-866-389-1479|	1-866-417-3002|	1-866-421-0579|	1-866-439-4500|
+1-866-439-4500-|	1-866-446-1341|	1-866-450-3079|	1-866-497-4002|	1-866-511-7592|	1-866-511-7594|
+1-866-590-8715|	1-866-610-9888|	1-866-625-5558|	1-866-626-3808|	1-866-639-8853|	1-866-664-7164|
+1-866-683-3337|	1-866-686-7495|	1866-686-7503|	1-866-752-3090|	1-866-835-5589|	1-866-841-9124|
+1866-844-2548|	1-866-847-7743|	1866-847-7788|	1-866-869-9348|	1-866-888-1059|	1870-513-108|
+1-877-201-2439|	1-877-207-1564|	1-877-211-2480|	1-877-211-8858|	1-877-217-5947|	1-877-217-6313|
+1-877-217-6313|	1-877-217-6313|	1-877-218-3919|	1-877-219-1029|	1-877-219-1485|	1-877-219-1968|
+1-877-219-1996|	1-877-219-5017|	1-877-219-5044|	1-877-219-5060|	1-877-219-5956|	1-877-219-5966|
+1-877-219-6702|	1-877-219-6703|	1-877-219-7404|	1-877-219-8737|	1-877-219-9667|	1-877-219-994|
+1-877-220-2054|	1877-220-3072|	1-877-220-3180|	1-877-220-4850|	1-877-220-4860|	1-877-220-5017|
+1-877-220-5769|	1-877-220-6098|	1-877-220-6582|	1-877-220-7397|	1-877-220-8475|	1-877-220-8628|
+1-877-220-8783|	1-877-220-9321|	1-877-220-9962|	1-877-221-1366|	1-877-221-313|	1-877-221-8289|
+1-877-222-860|	1-877-223-4585|	1877-224-244|	1-877-224-244|	1-877-224-2480|	1-877-224-2895|
+1-877-244-0727|	1-877-244-727|	1-877-253-8089|	1-877-264-2122|	1-877-265-5843|	1-877-268-9059|
+1-877-268-9059-|	1-877-293-4440|	1-877-299-5502|	1-877-346-1614|	1-877-353-1034|	1-877-353-1127|
+1-877-373-8371|	1-877-382-9050|	1-877-390-1888|	1877-393-8186|	1-877-393-8186|	1-877-396-6777|
+1-877-408-7275|	1877-420-5230|	1-877-433-3061|	1-877-457-7705|	1-877-469-2140|	1-877-474-4311|
+1-877-503-7614|	1-877-509-8343|	1-877-510-5544|	1-877-524-7180|	1-877-546-2439|	1-877-577-5766|
+1-877-626-2710|	1-877-640-2516|	1-877-640-2517|	1-877-691-3469|	1-877-694-1843|	1-877-734-4250|
+1-877-750-7842|	1-877-757-4876|	1-877-796-9406|	1-8777986486|	1-877-798-6486|	1-877-799-5430|
+1-877-818-5969|	1-877-824-9312|	1-877-834-0372|	1-877-834-372|	1-877-836-562|	1-877-837-9791|
+1-877-843-3339|	1-877-861-3759|	1-877-863-4795|	1-877-870-1310|	1-877-888-7470|	1-877-939-3009|
+1-877-960-2359|	1-88-450-3444|	1-888-202-8995|	1-888-204-7932|	1-888-205-4163|	1-888-205-4245|
+1-888-205-9890|	1-888-206-1755|	1-888-209-4422|	1-888-209-7111|	1-888-209-7130|	1-888-210-0673|
+1-888-210-9250|	1-888-210-9302|	1-888-215-9422|	1-888-220-8498|	1-888-221-0726|	1-888-221-2920|
+1-888-223-4021|	1-888-223-7642|	1-888-223-8246|	1-888-225-1287|	1-888-225-465|	1-888-225-782|
+1-888-226-1173|	1-888-226-1622|	1-888-228-0084|	1-888-228-4154|	1-888-228-84|	1-888-228-9998|
+1-888-229-163|	1-888-231-1966|	1-888-232-1654|	1-888-232-2902|	1-888-234-3690|	1-888-237-9815|
+1-888-241-3676|	1-888-241-4151|	1-888-243-9401|	1-888-244-4119|	1-888-244-4578|	1-888-244-5014|
+1-888-244-6132|	1-888-248-1613|	1-888-248-8815|	1-888-255-7636|	1-888-258-6033|	1-888-258-9055|
+1-888-259-3417|	1-888-260-4243|	1-888-261-5610|	1-888-262-8816|	1-888-267-7999|	1-888-268-516|
+1-888-268-516|	1-888-270-291|	1-888-271-859|	1-888-279-3119|	1-888-286-5822|	1-888-287-0989|
+1-888-287-989|	1-888-300-4330|	1-888-301-5539|	1-888-302-0646|	1-888-304-2555|	1-888-308-3996|
+1-888-308-4585|	1-888-308-4972|	1-888-308-4985|	1-888-308-5073|	1-888-308-7980|	1-888-309-5186|
+1-888-309-5755#|	1-888-309-7042|	1-888-309-9976|	1-8883102449|	1-888-310-2449|	1-888-310-5669|
+1-888-310-6956|	1-888-310-7012|	1-888-316-5842|	1-888-316-7391|	1-888-316-8777|	1-888-325-1924|
+1-888-331-3064|	1-888-334-0666|	1-888-334-666|	1-888-335-7633|	1-888-339-0777|	1-888-346-4666|
+1-888-351-9666|	1-888-356-2829|	1-888-360-4508|	1-888-369-2088|	1-888-372-9389|	1-888-384-3226|
+1-888-393-6249|	1-888-395-5996|	1-888-400-4146|	1-888-403-6867|	1-888-412-7333|	1-888-416-286|
+1-888-420-3996|	1888-423-3886|	1-888-423-3886|	1-888-431-1942|	1-888-440-3005|	1-888-441-1595|
+1-888-442-5830|	1-888-443-7281|	1-888-444-325|	1-888-450-3444|	1-888-454-7025|	1-888-456-7170|
+1888-466-6433|	1-888-466-6433|	1-888-467-5568|	1-888-470-2751|	1-888-483-9444|	1-888-484-4930|
+1-888-486-4142|	1-888-495-8037|	1-888-496-666|	1-888-501-0222|	1-888-501-9477|	1-888-505-6572|
+1-888-509-5592|	1-888-511-1228|	1-888-512-1929|	1-888-514-5106|	1-888-514-5126|	1-888-515-1777|
+1-888-516-0490|	1-888-516-2007|	1-888-516-490|	1-888-521-0529|	1-888-526-7488|	1-888-530-7555|
+1-888-540-4666|	1-888-545-9220|	1-888-547-3398|	1-88-8547-3398|	1-888-549-8666|	1-888-552-5210|
+1-888-554-6480|	1-888-554-8205|	1-888-554-8266|	1-888-556-1222|	1-888-558-2612|	1-888-559-4076|
+1-888-560-8943|	1-888-565-3185|	1-888-569-1655|	1-888-569-3541|	1-888-570-3651|	1-888-571-6880|
+1-888-578-9666|	1-888-586-8499|	1-888-589-7758|	1-888-593-0106|	1-888-593-106|	1-888-598-7976|
+1-888-607-4665|	1-888-608-2594|	1-888-616-1599|	1-888-616-9444|	1-888-621-0834|	1-888-621-834|
+1-888-623-3372|	1-888-635-6193|	1-888-639-5599|	1-888-640-8577|	1-888-651-5889|	1-888-652-1304|
+1-888-655-7353|	1-888-658-685|	1-888-684-6373|	1-888-691-4986|	1-888-694-2184|	1-888-696-0666|
+1-888-709-5999|	1-888-724-3052|	1-888-728-7333|	1-888-728-9143|	1-888-751-4964|	1-888-751-4964|
+1-888-799-0599|	1-888-801-0627|	1888-801-1571|	1-888-801-5424|	1-888-802-2529|	1-888-802-7120|
+1-888-804-5441|	1-888-807-2627|	1-888-814-3477|	1-888-818-2853|	1-888-834-5606|	1-888-839-9985|
+1-888-843-1126|	1-888-844-85|	1-888-850-8578|	1-888-855-6855|	1-888-858-8356|	1-888-869-4393|
+1-888-870-3813|	1-888-876-4011|	1-888-879-9789|	1-888-881-9364|	1-888-883-9798|	1-888-884-4139|
+1-888-884-6349|	1-888-885-1701|	1-888-885-4967|	1-888-885-8695|	1-888-886-9457|	1-888-887-8691|
+1-888-890-8148|	1-888-917-5333|	1888-944-6229|	1-888-944-6229|	1-888-965-8445|	1-888-995-1799|
+1-925-526-4637|	20-8886480|	20-888-6480|	23-966661|	310-651-8138|	31-115788120|
+31-852086013|	32-025881811|	32-13-48-2-69|	32-2-588-5758|	32-25888838|	32-25-88-97-4|
+32-2-80-80-679|	32-2-808-2080|	32-2-80-82-114|	32-2-80-82-114|	32-2-80-83-354|	32-28084953|
+32-2-808-5711|	32-2-808-5741|	32-2-808-5742|	32-28-8-44-20|	32-28-8-49-32|	32-28-8-50-30|
+32-28-8-52-42|	32-28-8-57-41|	32-38081711|	32-38-8-44-8|	32-71-96-26-1|	32-84480189|
+32-89-68-3-11|	32-92-98-10-28|	33-0176363336|	33-176542655|	33-176542702|	33-176542705|
+33-176542737|	33-178-429-476|	33-182-888-269|	33-182-888-283|	33-182-888-290|	33-182-888-433|
+33-18-28-88-433|	3-318-626-5216|	33-186-265-248|	33-186269672|	33-186650032|	33-805-81-394|
+33-805-81-95|	33-9-70-73-54-08|	33-9-70-73-60-84|	33-970-736-245|	33-970736257|	33-970736272|
+33-9-75-18-16-00|	33-975182324|	33-9-75-18-23-26|	33-975-183-167|	34-518-88-93-96|	34-518-88-94-0|
+34-518-889-407|	34-857-880-139|	34-857-88-1-41|	34-857-88-1-48|	34-857-88-1-49|	34-921-88-0-17|
+34-921-88-0-23|	34-926-18-0-69|	34-927-88-0-45|	34-9-32-20-02-11|	34-932-20-2-11|	34-932-20-2-11|
+34-932-20-2-7|	34-932-20-35-0|	34-951-24-2193|	34-954-5-1-35|	34-954-5-1-35|	34-965-2-17-13|
+34-967-80-5-80|	358-16-469-1359|	358-753251124|	41-21-508-70-87|	41-41-508-70-76|	41-43-508-74-83|
+41-43-508-92-46|	41-44-505-14-7|	41-56-588-04-13|	41-61-588-8-67|	41-61-588-8-94|	43-2155911|
+43-215-5911|	43-720902540|	44-131-507-344|	44-147-337-8276|	44-163-843-8026|	44-180-845-1|
+44-203-808-8593|	44-20-3868-4870|	44-20-3868-4904|	44-20-3868-4930|	44-20-8068-3165|	44-330-808-4617|
+44-8000-465-220|	44-8000-465-220|	44-8000-465-53|	44-800-090-3274|	44-800-090-3820|	44-800-098-8395|
+44-800-46-5036|	44-800-46-5085|	44-800-465-229|	44-800-46-5706|	44-800-48-8166|	44-800-689-1673|
+44-800-689-753|	44-800-86-9326|	44-800-86-9374|	44-800-88-5062|	44-808-189-764|	44-870-820-510|
+4532-725-473|	45-78746859|	45-89871945|	45-89-87-42-23|	45-89-87-42-24|	45-89874331|
+46-1-88-855-68|	46-7-669-200-92|	46-8-446-820-31|	47-23965406|	47-800-24-963|	47-800-24-964|
+49-800-723-6206|	507-8339138|	55-4170-8902|	61-1800-431-245|	61-1800-431-245|	61-1800-431-249|
+61-1800-431-249|	61-1800-431-255|	61-1800-431-259|	61-1800-431-259|	61-1800-431-369|	61-1800-431-377|
+61-1800431422|	61-1800-431-422|	61-1800-431-437|	61-1800-431-439|	61-1800-431-440|	61-1800-431-441|
+61-1800-431-443|	61-1800-581-607|	61-1800-581-607|	61-1800-628-619|	61-1800-628-619|	61-1800-780-684|
+61-1800-861-588|	61-1800-875-389|	61-180-87-5272|	61-267-111-644|	61-3-8657-5304|	61-894-683-528|
+64-48879132|	64-48879146|	65-31631471|	65-31631471|	65-3163-1471|	65-31637677|
+65-31638569|	731-777-446|	7-848-75-27|	7-848-75-55|	7-848-75-63|	78-75-49-12|
+78-75-49-12|	78-75-95-72|	800-046-5034|	800-046-5035|	800-069-8947|	800-090-3178|
+800-090-3917|	800-090-3965|	800-0988794|	800-098-8794|	800-130-2199|	800-183-8114|
+800-242-6157|	800-243-0834|	800-257-1671|	800-257-6159|	800-276-0340|	800-279-0225|
+800-337-3219|	800-368-8157|	800-385-3506|	800-385-4829|	800-446-1356|	800-497-5972|
+800-552-8133|	800-552-8162|	800-637-0838|	800-696-4076|	800-795-3272|	800-813-1316|
+800-910-990|	800-919-811|	805-081-035|	805-086-615|	808-189-0262|	844-200-1869|
+844-200-3946|	844-313-9169|	844-324-2962|	844-386-8372|	844-411-4921|	844-430-7553|
+844-431-5897|	844-542-4107|	844-663-2459|	844-676-8550|	844-760-4122|	844-798-3802|
+844-885-0160|	855-205-0255|	855-205-9531|	855-205-9913|	855-228-0920|	855-228-2129|
+855-228-2130|	855-228-2379|	855-239-2183|	855-241-4822|	855-248-1449|	855-248-1497|
+855-252-1791|	855-257-7100|	855-258-1446|	855-262-8670|	855-262-9103|	855-266-4741|
+855-282-6042|	855-289-7530|	855-292-3941|	855-292-3959|	855-294-1124|	855-294-1129|
+855-297-7165|	855-297-7575|	855-297-8444|	855-324-4119|	855-324-5612|	855-324-5898|
+855-332-6148|	855-332-6165|	855-334-1897|	855-351-1670|	855-355-5073|	855-358-6330|
+855-358-7284|	855-364-4107|	855-369-2331|	855-369-2906|	855-391-2888|	855-404-6983|
+855-404-6986|	855-405-7095|	855-431-3599|	855-445-8994|	855-445-9025|	855-445-9067|
+855-447-0411|	855-454-5006|	855-484-5936|	855-484-6018|	855-500-9647|	855-500-9849|
+855-500-9865|	855-533-5796|	855-624-7504|	855-689-8196|	855-689-8237|	855-692-5017|
+855-699-6155|	855-699-6156|	855-731-4558|	855-731-4577|	855-740-4835|	855-740-4839|
+855-786-3890|	855-828-0725|	855-879-8128|	855-879-8218|	855-880-2625|	855-882-7403|
+855-883-8575|	855-889-3070|	855-894-7625|	855-894-7714|	866-201-8999|	866-203-0332|
+866-203-0675|	866-203-9002|	866-209-9923|	866-211-8374|	866-245-2927|	866-249-2994|
+866-251-3564|	866-256-9876|	866-258-2043|	866-258-2061|	866-273-6026|	866-273-6047|
+866-273-6495|	866-279-5039|	866-279-5090|	866-290-5160|	866-291-8355|	866-291-8725|
+866-296-7071|	866-298-7302|	866-315-0847|	866-331-7691|	866-350-2508|	866-350-2509|
+866-371-4328|	866-383-9914|	866-391-6238|	866-392-7720|	866-402-1473|	866-421-0581|
+866-421-0775|	866-421-0783|	866-423-9927|	866-424-8189|	866-424-8267|	866-433-0852|
+866-448-1409|	866-475-9024|	866-491-1849|	866-491-1929|	866-517-6557|	866-528-2581|
+866-529-4573|	866-529-4576|	866-537-8515|	866-553-1955|	866-570-7665|	866-627-4486|
+866-664-7153|	866-674-4473|	866-674-4534|	866-679-4832|	866-711-7695|	866-745-9470|
+866-745-9585|	866-778-4651|	866-788-2694|	866-799-3813|	866-799-3818|	866-809-9055|
+866-811-5991|	866-819-6803|	866-819-6805|	866-841-9124|	866-841-9197|	866-844-2880|
+866-856-3548|	866-876-0572|	866-877-9859|	866-884-4602|	866-888-0929|	866-888-0950|
+866-888-1059|	866-940-2699|	877-201-7936|	877-205-4993|	877-208-5121|	877-211-2006|
+877-219-6439|	877-221-5313|	877-223-4910|	877-223-5064|	877-249-0394|	877-265-0730|
+877-269-9098|	877-288-4308|	877-367-0132|	877-387-3582|	877-387-9795|	877-390-9713|
+877-393-8186|	877-495-0163|	877-507-9671|	877-527-9416|	877-548-3690|	877-578-1951|
+877-578-4670|	877-593-4297|	877-765-8184|	877-806-7606|	877-840-3423|	877-848-0941|
+877-910-4210|	888-204-3985|	888-217-5108|	888-219-8266|	888-223-4021|	888-225-0777|
+888-233-1123|	888-242-1512|	888-244-7420|	888-248-8302|	888-252-1520|	888-252-2050|
+888-267-7999|	888-275-1718|	888-304-1764|	888-304-8120|	888-310-3274|	888-382-2802|
+888-410-8118|	888-415-4135|	888-440-0654|	888-442-2565|	888-453-1072|	888-453-1525|
+888-466-6330|	888-466-6458|	888-473-9840|	888-487-2409|	888-493-5974|	888-545-9209|
+888-554-8150|	888-557-9431|	888-587-3647|	888-595-2212|	888-617-6592|	888-623-3295|
+888-660-1758|	888-660-1761|	888-694-2164|	888-694-2168|	888-694-2197|	888-694-2261|
+888-722-9670|	888-776-2580|	888-778-1543|	888-795-1528|	888-797-8817|	888-797-9349|
+888-797-9350|	888-803-9412|	888-810-5341|	888-811-4180|	888-829-5571|	888-829-5736|
+888-858-1973|	888-858-8261|	888-858-8437|	888-870-8049|	900-868-512|	91-8979038113|
+91-9899641369|					

windows/security/intelligence/trojans-malware.md

@@ -0,0 +1,42 @@
+---
+title: Trojan malware
+description: Learn about how trojans work, deliver malware do your devices, and  what you can do to protect yourself.
+keywords: security, malware
+ms.prod: w10
+ms.mktglfcycl: secure
+ms.sitesec: library
+ms.localizationpriority: medium
+ms.author: dansimp
+author: dansimp
+ms.date: 07/01/2018
+---
+
+# Trojan malware
+
+Trojans are a common type of malware which, unlike viruses, can’t spread on their own. This means they either have to be downloaded manually or another malware needs to download and install them.
+
+Trojans often use the same file names as real and legitimate apps. You might accidentally download a trojan thinking you are downloading a legitimate app.
+
+## How trojans work
+
+Trojans can come in many different varieties, but generally they do the following:
+
+- Download and install other malware, such as viruses or worms.
+
+- Use your PC for click fraud.
+
+- Record your keystrokes and the sites you visit.
+
+- Send information about your PC to a malicious hacker including passwords, login details for websites, and browsing history.
+
+- Give a malicious hacker control over your PC.
+
+## How to protect against trojans
+
+Use the following free Microsoft software to detect and remove it:
+
+- Windows Defender Antivirus for Windows 10 and Windows 8.1, or Microsoft Security Essentials for  previous versions of Windows.
+
+- Microsoft Safety Scanner
+
+You should also run a full scan. A full scan might find other, hidden malware.

windows/security/intelligence/unwanted-software.md

@@ -0,0 +1,49 @@
+---
+title: Unwanted software
+description: Learn about how unwanted software changes your default settings without your consent and what you can do to protect yourself.
+keywords: security, malware
+ms.prod: w10
+ms.mktglfcycl: secure
+ms.sitesec: library
+ms.localizationpriority: medium
+ms.author: dansimp
+author: dansimp
+ms.date: 07/01/2018
+---
+# Unwanted software
+
+Unwanted software are programs that alter your Windows experience without your consent or control. The altered experience can be in the form of modified browsing experience, lack of control over downloads and installation, misleading messages, or unauthorized changes to Windows settings.
+
+## How does unwanted software get into my PC?
+
+You may get unwanted software when you search for and download applications from the Internet. Some applications are software bundlers, which means that they are packed with other applications. As a result, when you install the application you originally searched for, you may inadvertently install other programs that you may not want or need.
+
+Here are some indications that you have unwanted software on your PC:
+
+- You see programs that you did not install and that may be difficult to uninstall
+
+- Your browser features or settings changed, and you can’t view or modify them
+
+- You see excessive messages about your PC’s system health or about files and programs in your PC
+
+- You see ads that you cannot easily close
+
+Some unwanted behaviors are harder to recognize. Some unwanted software, for example, modify web pages to display specific ads, monitor your browsing activities, or remove control of your browser. You need antivirus products, such as Windows Defender Antivirus (Windows Defender AV), to detect and remove these unwanted software. Microsoft uses an extensive [evaluation criteria](https://www.microsoft.com/wdsi/antimalware-support/malware-and-unwanted-software-evaluation-criteria) to identify unwanted software.
+
+## How do I protect my PC against unwanted software?
+
+To prevent unwanted software infection, download software only from official websites, or from the Microsoft Store. Be wary of downloading software from third-party sites.
+
+Use Microsoft Edge when browsing the Internet. Microsoft Edge includes additional protections that effectively block browser modifiers that can change your browser settings. Microsoft Edge also blocks known websites hosting unwanted software using Windows Defender SmartScreen (also used by Internet Explorer).
+
+Enable Windows Defender AV in Windows 10. It provides real-time protection against threats and detects and removes known unwanted software.
+
+If you suspect that you have unwanted software your PC, you can [submit files for analysis](https://www.microsoft.com/wdsi/filesubmission).
+
+## What should I do if my PC is infected? 
+
+Some unwanted software add uninstallation entries, which means that you can remove them from your PC using Settings. Select the Start button, then go to **Settings > Apps > Apps & features**. Select the app you want to uninstall, then click **Uninstall**. If you only recently noticed symptoms of unwanted software infection, consider sorting the apps by install date, and then uninstall the most recent apps that you did not install.
+
+You may also need to remove browser add-ons in your browsers, such as Internet Explorer, Firefox, or Chrome.
+
+Some unwanted software can be more difficult to remove. Run a full scan using Windows Defender AV to remove unwanted software, malware, and threats.

windows/security/intelligence/virus-information-alliance-criteria.md

@@ -0,0 +1,51 @@
+---
+title: Virus Information Alliance
+description: Information and criteria regarding VIA
+keywords: security, malware
+ms.prod: w10
+ms.mktglfcycl: secure
+ms.sitesec: library
+ms.localizationpriority: medium
+ms.author: ellevin
+author: levinec
+ms.date: 07/12/2018
+---
+# Virus Information Alliance
+
+The Virus Information Alliance (VIA) is a public antimalware collaboration program for security software providers, security service providers, antimalware testing organizations, and other organizations involved in fighting cybercrime.
+
+Members of the VIA program collaborate by exchanging technical information on malicious software with Microsoft, with the goal of improving protection for Microsoft customers.
+
+## Better protection for customers against malware
+
+The VIA program gives members access to information that will help improve protection for Microsoft customers. For example, the program provides malware telemetry and samples to security product teams to identify gaps in their protection and prioritize new threat coverage.
+
+Malware prevalence data is provided to antimalware testers to assist them in selecting sample sets and setting scoring criteria that represent the real-world threat landscape. Service organizations, such as a CERT, can leverage our data to help assess the impact of policy changes or to help shut down malicious activity.
+
+Microsoft is committed to continuous improvement to help reduce the impact of malware on customers. By sharing malware-related information, Microsoft enables members of this community to work towards better protection for customers.
+
+## Becoming a member of VIA
+
+Microsoft has well-defined, objective, measurable, and tailored membership criteria for prospective members of the Virus Information Alliance (VIA). The criteria is designed to ensure that Microsoft is able to work with security software providers, security service providers, antimalware testing organizations, and other organizations involved in the fight against cybercrime to protect a broad range of customers.
+
+Members will receive information to facilitate effective malware detection, deterrence, and eradication. This includes technical information on malware as well as metadata on malicious activity. Information shared through VIA is governed by the VIA membership agreement and a Microsoft non-disclosure agreement, where applicable.
+
+VIA has an open enrollment for potential members.
+
+### Initial selection criteria
+
+To be eligible for VIA your organization must:
+
+1. Be willing to sign a non-disclosure agreement with Microsoft.
+
+2. Fit into one of the following categories:
+   * Your organization develops antimalware technology that can run on Windows and your organization’s product is commercially available.
+   * Your organization provides security services to Microsoft customers or for Microsoft products.
+   * Your organization publishes antimalware testing reports on a regular basis.
+   * Your organization has a research or response team dedicated to fighting malware to protect your organization, your customers, or the general public.
+
+3. Be willing to sign and adhere to the VIA membership agreement.
+
+If your organization wants to apply and meets this criteria, you can apply using our [membership application form](http://www.microsoft.com/security/portal/partnerships/apply.aspx).
+
+If you have any questions, you can also contact us using our [partnerships contact form](http://www.microsoft.com/security/portal/partnerships/contactus.aspx).

windows/security/intelligence/virus-initiative-criteria.md

@@ -0,0 +1,57 @@
+---
+title: Microsoft Virus Initiative
+description: Information and criteria regarding MVI
+keywords: security, malware
+ms.prod: w10
+ms.mktglfcycl: secure
+ms.sitesec: library
+ms.localizationpriority: medium
+ms.author: ellevin
+author: levinec
+ms.date: 07/12/2018
+---
+
+# Microsoft Virus Initiative
+
+The Microsoft Virus Initiative (MVI) helps organizations to get their products working and integrated with Windows.
+
+Like the [Virus Information Alliance (VIA)](virus-information-alliance-criteria.md) and the [Coordinated Malware Eradication (CME) program](coordinated-malware-eradication.md), MVI aims to share information about the threat landscape that can help your organization protect its customers.
+
+MVI members will receive access to Windows APIs (such as those used by Windows Defender Security Center, IOAV, AMSI and Cloud Files), malware telemetry and samples, and invitations to security related events and conferences.
+
+MVI adds to VIA by requiring members to develop and own antimalware technology, and to be present in the antimalware industry community.
+
+## Join MVI
+
+A request for membership is made by an individual as a representative of an organization that develops and produces antimalware or antivirus technology.
+
+The base criteria for MVI membership are the same as for VIA, but your organization must also offer an antimalware or antivirus product.
+
+### Initial selection criteria
+
+Your organization must meet the following eligibility requirements to participate in the MVI program:
+
+1. Offer an antimalware or antivirus product that is one of the following:
+
+   * Your organization's own creation.
+   * Licensed from another organization, but your organization adds value such as additional definitions to its signatures.
+   * Developed by using an SDK (engine and other components) from another MVI Partner AM company and your organization adds a custom UI and/or other functionality (white box versions).
+
+2. Have your own malware research team unless you distribute a Whitebox product.
+
+3. Be active and have a positive reputation in the antimalware industry. Your organization is:
+
+   * Certified through independent testing by an industry standard organization such as [ICSA Labs](https://www.icsalabs.com/), [West Coast Labs](http://www.westcoastlabs.com/), [PCSL IT Consulting Institute](https://www.pitci.net/), or [SKD Labs](http://www.skdlabs.com/html/english/).
+   * Be active in the antimalware industry. For example, participate in industry conferences, be reviewed in an industry standard report such as AV Comparatives, OPSWAT or Gartner.
+
+4. Be willing to sign a non-disclosure agreement (NDA) with Microsoft.
+
+5. Be willing to sign a program license agreement.
+
+6. Be willing to adhere to program requirements for AM apps. These requirements define the behavior of AM apps necessary to ensure proper interaction with Windows.
+
+7. Submit your AM app to Microsoft for periodic performance testing.
+
+### Apply to MVI
+
+If your organization wants to apply and meets this criteria, you can apply using our [membership application form](http://www.microsoft.com/security/portal/partnerships/apply.aspx).

windows/security/intelligence/worms-malware.md

@@ -0,0 +1,46 @@
+---
+title: Worms
+description: Learn about worms, how they infect devices and what you can do to protect yourself.
+keywords: security, malware
+ms.prod: w10
+ms.mktglfcycl: secure
+ms.sitesec: library
+ms.localizationpriority: medium
+ms.author: dansimp
+author: dansimp
+ms.date: 07/01/2018
+---
+
+# Worms
+
+A worm is a type of malware that spreads to other PCs. Worms can copy themselves and often spread through a PC network by exploiting security vulnerabilities. They can spread through email attachments, instant messaging programs, file-sharing programs, social networking sites, network shares, removable drives, and software vulnerabilities.
+
+## How worms work
+
+Worms represent a large category of malware. Different worms use different methods to infect devices.  Depending on the variant, they can steal sensitive information, change PC security settings, send information to malicious hackers, stop users from accessing files, and other malicious acts.
+
+Jenxcus (also known as Dunihi), Gamarue (also known as Androm), and Bondat have consistently remained at the top of the list of malware that infect users running Microsoft security software. Although these worms share some commonalities, it is interesting to note that they also have distinct characteristics.
+
+Jenxcus has capabilities of not only infecting removable drives but can also act as a backdoor that connects back to its server. This threat typically gets into a PC from a drive-by download attack, meaning it's installed when users just visit a compromised webpage.
+
+Gamarue typically arrives through spam campaigns, exploits, downloaders, social networking sites, and removable drives. When Gamarue infects a PC, it becomes a distribution channel for other malware. We’ve seen it distribute other malware such as infostealers, spammers, clickers, downloaders, and rogues.
+
+Bondat typically arrives through fictitious Nullsoft Sciptable Install System (NSIS) Java installers and removable drives. When Bondat infects a system, it gathers information about the machine such as PC name, Globally Unique Identifier (GUID), and OS build. It then sends that information to a remote server.
+
+Both Bondat and Gamarue have clever ways of obscuring themselves to evade detection. By hiding what they are doing on your PC they try to avoid detection by your security software.
+
+This image shows how a worm can quickly spread through a shared USB drive.
+
+![Worm example](./images/WormUSB_flight.png)
+
+### *Figure worm spreading from a shared USB drive*
+
+## How to protect against worms
+
+Use the following free Microsoft software to detect and remove it:
+
+* Windows Defender for Windows 10, and Windows 8.1
+
+* Microsoft Safety Scanner for Windows 7 and Windows Vista
+
+You should also run a full scan find other, hidden malware. If you still can't remove it, visit our advanced troubleshooting page for more help.