Microsoft Malware Protection Center

Threat Research & Response Blog

March, 2011

  • Embedded JavaScript in SWF

    In a blog published in November titled “ Explore the CVE-2010-3654 matryoshka “, we discussed a 0-day Shockwave (SWF) exploit that uses JavaScript to do malicious actions. In this blog, we discuss another advanced way SWF malware is combined with JavaScript only this time, without using a 0-day exploit. In January we noticed a very large spike in telemetry for a threat named Trojan:SWF/Jaswi.A . Going back to December 2010, we had picked up a few spikes for this issue, one around Christmas, a second...