    Archive for December 16th, 2009





    Everything exists for a purpose.

    Malware, for all the crazy things it does, exists because its creators want it to. It can be the product of a bored mind, of an experiment, of inspiration, or, as is becoming increasingly common nowadays, a means of profit.

    No one bothers to create a botnet as complicated as KOOBFACE just for fun, so the question that begs for an answer is, “What is KOOBFACE for?”

    In the third (and hopefully last) installment of our KOOBFACE research papers, we examined the various mechanisms KOOBFACE employed to monetize its botnet, offering a peek at the ways modern cybercriminals operate and the challenges these pose.

    For those interested, “Show Me the Money! The Monetization of KOOBFACE” can be downloaded here.

     



    Security researchers have unearthed a new vulnerability in both Adobe Acrobat and Reader. Adobe has acknowledged the vulnerability, although it has not gone public with more specific details. Researchers believe versions 9.2 and earlier of Adobe Acrobat and Reader are affected.

    Trend Micro threat analysts have encountered several samples of malicious .PDF files (detected as TROJ_PIDIEF.PGT, TROJ_PIDIEF.PGS, and TROJ_PIDIEF.PGU) that exploit this vulnerability. While Adobe has not yet released a patch, disabling JavaScript was found to be a suitable workaround.

    To disable JavaScript, perform the following steps from within the concerned Adobe application:

    • Click Edit then Preferences.
    • In the left panel, choose JavaScript.
    • In the right panel, uncheck Enable Acrobat JavaScript.
    • Click OK.

    Trend Micro product users are protected from this threat via the Smart Protection Network, which prevents the .PDF files from being downloaded onto users’ systems.

    Update as of December 16, 2009, 1:00 PM PST

    Adobe has officially released a security advisory covering this threat. In addition, it announced that a patch to solve this problem will be released by January 12, 2010.

    Update as of December 17, 2009, 4:26 AM PST

    Trend Micro users who have OfficeScan with the Intrusion Defense Firewall plugin are secured from any PDF exploit attacks as long as their systems are up to date with the latest IDF filters (IDF0937). For more details regarding this vulnerability, visit the security advisory we posted in our Threat Encyclopedia.

     


     
