    Archive for the ‘Exploits’ Category




    We recently found an interesting post in a Russian underground forum in the course of our research. People exchange information about their illegal activities in these kinds of forums. We found a user in the forum with the handle "sourcec0de" and ICQ number 291149 who currently offers root access to some of the cluster servers of MySQL.com and its subdomains. The screenshot above shows that the seller appears to have a shell console window with root access to these servers. The price ...




    Determining who is ultimately behind targeted attacks is difficult. It requires a combination of technical and contextual analysis as well as the ability to connect disparate pieces of information together over a period of time. Moreover, any one researcher typically does not necessarily have all of these pieces of information and must interpret the available evidence. Too often, attribution is solely based on easily spoofed evidence such as IP addresses and domain name registrations. This post is a follow-up to the ...




    Trend Micro has discovered an ongoing series of targeted attacks known as "LURID," which has successfully compromised 1,465 computers in 61 different countries. We have been able to identify 47 victims, including diplomatic missions, government ministries, space-related government agencies, as well as other companies and research institutions. The countries most impacted by this attack include Russia, Kazakhstan, and Vietnam, along with numerous other countries, mainly Commonwealth independent states (in the former Soviet Union). This particular campaign comprised over 300 malicious targeted attacks ...




    Adobe released an out-of-band security update to address six critical vulnerabilities, all affecting Adobe Flash Player. One of the six, a cross-site scripting (XSS) vulnerability identified as CVE-2011-2444, is reportedly being exploited in the wild. The bug is reportedly being used in targeted attacks that involve malicious links sent out to targets via email. Adobe attributed the discovery of CVE-2011-2444 to Google, who, in response to finding the vulnerability, issued an update for the Google Chrome browser to prevent attackers from exploiting ...




    A couple of days ago, my colleagues reported an attack that appears to be targeted and that involves email messages sent through a Webmail service. Upon further investigation, we were able to confirm that this attack exploits a previously unpatched vulnerability in Hotmail. Trend Micro detects the malicious email messages as HTML_AGENT.SMJ. The said attack simply requires the targeted user to open the specially crafted email message, which automatically executes the embedded script. This then leads to the theft of critical information, specifically email messages ...



     

    © Copyright 2011 Trend Micro Inc. All rights reserved. Legal Notice