During the past few days, we’ve been monitoring Laduree.fr, the website of a well-known confectionery company based in France. A seemingly unlikely target for cybercrime, Ladurée’s website was compromised in order to infect users’ systems with ransomware. The ransomware, detected as TROJ_RANSOM.BOV, pretends to be a notification from the National Gendarmerie (French: Gendarmerie nationale), commonly known as the French Police Force. It displays a window that covers the entire desktop and demands payment, effectively holding the system ransom.
Apart from infecting French ...
Earlier today, we encountered malware that exploits a recently (and publicly) disclosed vulnerability, the MIDI Remote Code Execution Vulnerability (CVE-2012-0003). (Ed. Note: addressed in MS12-004)
The vulnerability is triggered when the Windows Multimedia Library used by Windows Media Player (WMP) fails to handle a specially crafted MIDI file, consequently allowing remote attackers to execute arbitrary code.
In the attack that we found, the infection vector is a malicious HTML file hosted on the domain hxxp://images.{BLOCKED}p.com/mp.html. This HTML, which Trend Micro detects as ...
2011 was rife with both challenges and wins not only for Trend Micro but also for the rest of the security industry and our fellow cybercrimefighters in law enforcement. True to one of our predictions, 2011 has been dubbed the “Year of Data Breaches,” as we witnessed organizations worldwide succumb to targeted breach attacks and lose what we have come to know as the new digital currency—data.
As we prepare for the year ahead, let us take a look at some ...
Last week reports surfaced about a "zero-day" exploit for Adobe Reader (CVE-2011-2462) that had been actively used in targeted attacks beginning in November. The malicious PDFs were emailed to targets along with text encouraging the target to open the malicious attachment. If opened, the malware known as BKDR_SYKIPOT.B installs onto the target system. The reported targets have been the defense industry and government departments.
Targeted attacks are typically organized into campaigns. Such a campaign commences as a series of attacks against ...
When I read this blog entry a few days ago, the first question that entered my head was, "Is this another targeted attack?" I took a look at the .PDF discussed in the entry, and it appeared to be a document addressed to employees of a certain defense contractor. Trend Micro products detect this malicious .PDF as TROJ_PIDIEF.EGG. Below is a screenshot of the survey.
It appears to me that cybercriminals are specifically targeting the employees of this defense contractor in ...