Posts Tagged ‘melbourne’

MSRT March ’13 – Wecykler

Mar

2013

Wecykler is a family of worms, that shares some similarities with the Worm:Win32/Autorun family, in that it that takes advantage of removable drives attached to an infected system in order to propagate to other machines. They target users’ familiarity with the content of drives (files and directories) disguising as directories with existing and catchy names […]

Category General Written by Microsoft Malware Protection Center 0 Comments

The “hidden” backdoor – VirTool:WinNT/Exforel.A

Dec

2012

Recently we discovered an advanced backdoor sample – VirTool:WinNT/Exforel.A. Unlike traditional backdoor samples, this backdoor is implemented at the NDIS (Network Driver Interface Specification) level. VirTool:WinNT/Exforel.A implements a simple private TCP/IP stack and hooks NDIS_OPEN_BLOCK for the TCP/IP protocol, as shown in Figure 1. Figure 1: Hooked functions in NDIS_OPEN_BLOCK This means that backdoor-related TCP traffic will be diverted to the private […]

Category General Written by Microsoft Malware Protection Center 0 Comments

Smoke and mirrors and Win32/Phorpiex

Nov

2012

This month one of the families introduced to MSRT is Win32/Phorpiex, a worm that spreads via removable drives and has IRC controlled backdoor functionality. In most respects Phorpiex is another worm, with typical command and control via IRC as well as spreading via removable drives. Like many other malware it usually does this by using […]

Category General Written by Microsoft Malware Protection Center 0 Comments

The Latest in IT Security

Posts Tagged ‘melbourne’

MSRT March ’13 – Wecykler

The “hidden” backdoor – VirTool:WinNT/Exforel.A

Smoke and mirrors and Win32/Phorpiex

Categories

Featured

Archives

Latest Comments

About Us

Contact Us