Microsoft Malware Protection Center

Threat Research & Response Blog

July, 2008

  • How potentially unwanted software finds a way into our computers

    I was talking yesterday with a fellow researcher about the Win32/Danmec trojan and the way it uses SQL injection to extend its bot network when I realized that I was actually looking through some of the injected webpages. I decided to find out more about it, so I backtracked the events to see how the injection occurs and where it may potentially lead. This is what I discovered, in short. Everything starts with attacks against web servers, searching for victims. This is done by running queries like...
  • The Power of SSE

    In the beginning, there was the CPU. It supported only integer operations. Then came the FPU, which supported floating-point operations. For a long time, that was all we had. Then came MMX (which is commonly said to stand for MultiMedia eXtensions, but actually Intel won't say), which was back to the integer operations (and interfered with the FPU), but these integer operations were useful for 3D applications. Then came SSE (Streaming SIMD Extensions). SSE allowed both integer and floating-point...
  • 4th of July Greetings

    Aside from the Storm Worm, a new 4th of July malware is currently being spammed around. Below is a sample of the greeting card mail: Clicking on the link will not lead you to greetings.com but rather to a malware download site with a filename july.exe. It turns out the july.exe is another IRC backdoor and is now detected as Backdoor:Win32/IRCFlood. Upon execution, it will display the following image: Make sure to watch out for this type of mail in your inbox and enjoy the rest of your 4th of...
  • What’s travelling on the wire

    Just a few days ago we installed a new network protocol analyzer in our lab here in Dublin. It was late when the configuration was done so we just fired it up and let it run until the next day. After all we didn't expect to get much attention in the beginning. In a couple of hours, the first signs began to appear. Mainly there were port scans from zombies (a computer attached to the Internet that has been compromised by a hacker, or a malware program; generally, a compromised machine is only one...