
October 2008 - Posts

More and more each day I see SWF files being sent to us as a potential part of a malware deployment chain. Most of the time it is not the case, but because of these special cases where the submitter was actually right, I decided to write this entry. Read More...
In his 10/18 blog post, Oleg provided great insights about the distribution, installation and payload of Win32/Rustock, which was added to the MSRT 10/14 release. As of 10/29 MSRT has removed this rootkit from 99,418 distinct machines. Breakdown of these Read More...
Quite a while has passed since we started logging data about incoming attacks on an Internet-connected system and now we have gathered enough information to show the risks of exposing an unsecured computer on the Web. Let’s start with some data about Read More...
Microsoft released a security update today that fixes a vulnerability that affects all supported versions of Windows. On some versions of Windows, an unauthenticated attacker can remotely execute code on a vulnerable computer. Basically if file sharing Read More...
Why is malware that targets online games so prevalent these days? Why is there an interesting saying in China: "Trojan writers drive BMW" ("写木马, 开宝马")? The writers and distributors of trojans that steal passwords and account details from popular online Read More...
This month we added a family of rootkit-enabled trojans to MSRT - Win32/Rustock. Win32/Rustock is a multi-component family of rootkit-enabled backdoor trojans, which were historically developed to aid in the distribution of 'spam' e-mail. First discovered Read More...
(often known as "Antivirus 2009"). One night while browsing, a message box popped up asking me to do a "security scan". As a researcher, I wouldn't let this pass me by. After going through my opened tabs I narrowed down the culprit to a forum I had open Read More...
Email scams are a common way to spread malware and/or steal personal information. Some great guidelines to help you protect yourself from such scams are outlined here: http://www.microsoft.com/protect/computer/viruses/email.mspx We have recently found Read More...
Zlob has been around for quite some time now and it is still evolving rapidly. If we thought of Zlob as a car, it has gone through the equivalent of several overhauls... Zlob constantly changes its decryption, obfuscation, and structure. As is our Read More...
After we tracked down one of the sources for the Zlob trojan as a free torrent download, we decided to see exactly how deep the rabbit-hole goes. So we checked the newest uploads and saw another package for the latest version of WinRAR (3.80). It had Read More...
Today we stumbled upon an interesting file. The file in question, "wrar380CorporateEdition.exe" (md5: f054f5a1bcb79098916c80b28e4f2bec), appears to be the install kit for the WinRAR archiver. Upon closer inspection, it is actually a self-extracting cab Read More...
Fake (or rogue) security applications have been a cause of confusion and problems for users for some years. These applications generally display fake warnings and malware detections in order to entice users to buy the application and thus ‘disinfect’ Read More...