Many Hackers Accidentally Send Their Code To Microsoft

joshgnosis writes "When hackers crash Windows in the course of developing malware, they'll often accidentally agree to send the virus code straight to Microsoft, according to senior security architect Rocky Heckman. 'It's amazing how much stuff we get.' Heckman also said Microsoft was a common target for people testing their attacks. 'The first thing [script kiddies] do is fire off all these attacks at Microsoft.com. On average we get attacked between 7000 and 9000 times per second.'"

So now crackers have a new way to attack Microsoft

[tomhudson]

An application that generates random gibberish that "look" like a script, then sends it embedded in a fake crash dump to Microsoft for analysis.

"Fuzzing" isn't limited to code on the local machine any more - you can now try it on Microsoft employees.

Then add further fake crash dumps from legitimate apps that didn't crash; enough of them, from enough machines, and Microsoft will be looking for non-existent bugs.