Microsoft Malware Protection Center

Threat Research & Response Blog

Browse by Tags

  • Blog Post: Analysis of the Eleonore exploit pack shellcode

    '‚ÄčEleonore ' is a malware package that contains a collection of exploits used to compromise web pages. When the compromised web pages are viewed via vulnerable systems, the exploit payload is run. Eleonore is purchased by an attacker from an underground website. The attacker then gains access to Internet...
  • Blog Post: A Technical Analysis on the Exploit for CVE-2011-2110 Adobe Flash Player Vulnerability

    On June 14, Adobe released updates and a security bulletin (APSB11-18) referencing attacks affecting Adobe Flash Player (versions 10.3.181.23 and earlier). These attacks have been observed as hosted on webpages containing malformed SWF files. We spent some time analyzing this Flash Player vulnerability...
  • Blog Post: Have you checked the Java?

    Whilst working on our normal data pull and analysis for the Microsoft Security Intelligence Report ( v9 - released last week ), I embarked on a mini discovery mission on the exploit data that MMPC detects with our antimalware technology. Although the main focus of antimalware software is on traditional...
  • Blog Post: A technical analysis of Adobe Flash Player CVE-2012-0779 Vulnerability

    Recently, we've seen a few attacks in the wild targeting a patched Adobe Flash Player vulnerability. The vulnerability related to this malware was addressed with a recent patch released by Adobe on May 4th. On the Windows platform, Flash Player 11.2.202.233 and earlier is vulnerable. If you're using...
  • Blog Post: Vulnerability analysis, practical data flow analysis and visualization

    Recently at CanSecWest 2012, we presented on the technology we use for analyzing malicious samples and PoC files. As malware often actively attempts to exploit software vulnerabilities these days, understanding the internals of these vulnerabilities is essential when writing defense logic. Out of...