Archive for the ‘Botnet’ Category

Nov 4
by Det Caraig (Technical Communications)

Worm Exploits MS08-067 Bug

DOWNAD, also known as the Conficker worm, was first seen in the wild taking advantage of the MS08-067 vulnerability. True to form, it propagated via shared networks. Like its predecessors—the Sasser and Nimda worms—it also raised security concerns with regard to a spike in port 445 activity. A few days after its appearance, reports suggested that the threat had spread. More than 500,000 unique hosts spread across networks in the United States, China, India, the Middle East, Europe, and ...


Nov 3
by Maxim Goncharov (Advanced Threats Researcher)

A few days ago, I got access to the source code of the well-known Elite Loader for free. Yes. It was published on one of the Russian underground forums. It even had a detailed description and screenshots showing how to use the application's command and control (C&C) server. Apart from dropping malicious files on infected machines, Elite Loader also allows malicious users to upload additional software to targeted systems to steal passwords or deploy spam or distributed denial of service (DDoS) modules ...


Oct 30
by Det Caraig (Technical Communications)

The month of October in the threat landscape is often associated with scary social engineering tactics in time for Halloween. As in years past, the threats that lurk in and plague the current threat landscape are real. Most of them can cause irreparable damage, often resulting in information, or worse, identity theft as shown in the following blog entries:

Weather Report for Halloween: High Chances of a Storm
“Halloween Costumes” Bring More Fright Than Expected

But just how scary is the Web 2.0 ...


Oct 22
by Joey Costoya (Advanced Threats Researcher)

In this most recent spam campaign, our spam traps caught an uncanny combination of a CapitalOne phish and a ZBOT variant. Below is a screenshot of an email sample making the rounds:

[screenshot of the spammed email]

The spam campaign would have you believe that you would need to install a Digital Certificate in order to use CapitalOne’s website. Clicking on the email link brings you to the following site:

[screenshot of the phishing site]

This is the phishing part. After filling in the required login information, the ...


Oct 14
by Christopher Talampas (Fraud Analyst)

Trend Micro threat analysts were recently alerted to a phishing attempt targeting random employees of several companies. The email posed as a notification from the company's “system administrator,” reminding the employee to update his/her system's software due to a recent server software upgrade. The spammed email contained a URL using several subdomains that resolved to the same IP address. Trend Micro Advanced Threats Researcher Joey Costoya believes the subdomains are tailor-made, depending on the recipient's email address. This makes the email ...



© Copyright 2009 Trend Micro Inc. All rights reserved.