
March 2009 - Posts

<sarcasm> Admittedly I was worried about it at first </sarcasm>, but now I can "forget about viruses, spyware, identity theft and other Internet threads", according to one rogue security site: Wow, who knew Internet threads (???) could be Read More...
Over the past several months, Microsoft has received reports on 4 different variants of the Conficker worm, the latest being Worm:Win32/Conficker.D (also known as Downadup.C, and the subject of a number of recent press articles labeling this variant as Read More...
Another day arrives and, with it, another way to run code. This time, it's executing arbitrary code in System Management Mode (SMM) memory. That sounds kind of exciting, right? A SMM rootkit? Does that mean that we need an anti-malware scanner for SMM Read More...
Last week at CanSecWest I had the pleasure to watch the MMPC’s security research team present on a technology we have been working on to speed the analysis of vulnerabilities. The motivation behind this work is to automate the otherwise laborious process Read More...
I believe the Internet is pretty awesome. Full of win some might say. Controversial viewpoint I know, but I’m cool like that. Of the many varied side-effects of the Internet, I would argue one of the most interesting (if only from a social-science point Read More...
So the virus writer SPTH has returned to the scene, in some sense. He has written a DOS virus. And not just any DOS virus. This one is, wait for it, executable ASCII! Yay. His inspiration is apparently the EICAR anti-virus test file, however the only Read More...
The family added to the March MSRT release is Win32/Koobface. This family is not just a worm, but a collection of different components that can each perform a different task. These include downloading, web hosting, password stealing, displaying popups Read More...
Periodically I'll glance into my spam folder within Outlook and see if the messages there deserve this somewhat final resting place. I spotted a number of messages that have a very similar pattern in the message body when viewed in plain-text mode - see Read More...
The big fish is back. Rogue security products have long been targeting Microsoft's Security Center and using other Microsoft imaging or logos to falsely lure users to buy and use their products. We now welcome Symantec, Webroot and Sophos to that esteemed Read More...
What is lnkget? TrojanDownloader:Win32/Lnkget.* is a malicious Windows shortcut. Once executed, it is able to carry out actions like downloading new files (in this case malware). To be successful, it must use only executables that exist by default on Read More...
 