    Archive for August 10th, 2012

    What enterprises need to consider as large numbers of staff prepare to work away from the office.

    A large proportion of staff are set to work remotely this summer as the Olympic Games disrupt the UK’s transport networks. In a recent video interview, Stuart Sumner of Computing asked me whether remote working during the Olympics will create any new security risk for UK firms. My answer is I don’t think so. Remote access and remote working have been present in many companies for a long time now. IT security is certainly a big concern for many firms. However, let’s not forget other critical factors, such as remote access software licensing and scalability.

    During the Olympics it is reasonable to expect the whole employee base to access corporate applications and data from home – likely from employee-owned devices. Let’s not forget that most of the software eventually used in this way may not be licensed for this specific use case – i.e. Microsoft Windows or Office home editions used for work.

    The scalability of the system also needs to be taken into consideration. Typically, remote work is supported from a network perspective through VPN. Well, the VPN architecture usually requires a concentrator or some sort of backend component. This backend component needs to be scalable enough to support not just travelers or a few occasional remote users, but the whole population of the company. The same consideration applies to Remote Desktop and Virtual Desktop infrastructure.

    There has been a precedent we can look at. We had a similar situation in Japan in 2011, when Japan was struck by the triple tragedy of earthquake, tsunami and nuclear disaster. What happened ‑ based on my conversations with many customers ‑ is that most of corporate Japan’s IT infrastructure collapsed. Firms kept operations going by relying on highly scalable consumer technology such as Yahoo mail, Google apps, Dropbox, Skype and millions and millions of personal mobile devices – such as smartphones and tablets.

    In conclusion: with larger numbers of staff requiring remote access than usual this summer, VPN scalability and software licensing deals – to ensure that the terms are not being infringed by remote workers – are two critical aspects your firm should consider.

    Coming Soon: The TrendLabs Security Intelligence Blog will be the new Malware Blog

    Posted in Mobile | Comments Off on Remote Working During the Olympics: Any New Security Risks?

    As early as March 2012, we spotted a number of Tibetan-themed campaigns, and we’ve documented some of them through this blog. So far, the attacks have been pretty consistent: they usually arrive as emails with pro-Tibetan sentiments as subjects, and have malicious file attachments.

    Very recently, however, we found one Tibetan-themed campaign that also touches a very relevant current event: the 2012 summer Olympics in London.

    As seen above, the email message is consistent with the typical techniques observed in other Tibetan-themed spam campaigns. In this case, however, the attached compressed file includes a decoy .DOC file with the file name China’s Olympic Legacy.docx. Along with it are two malicious executables, poster.scr and Tibet and Olympics.scr, both of which Trend Micro detects as TROJ_DROPPER.WSD. These Trojans drop TROJ_RUGENT.A, display the images shown below, and then delete themselves.

    TROJ_RUGENT.A, once executed, connects to certain URLs to send and receive information. Its routines may include collecting information about the affected system and its user.

    Trend Micro users are now protected from this threat through the Smart Protection Network, which blocks the spam messages and detects the malicious files.
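A mail-gateway style check for the attachment layout described above (a decoy document packaged beside .scr executables), added here as an example and not taken from Trend Micro's tooling. It assumes the compressed attachment is a ZIP; the function names and extension lists are illustrative, and the sample archives are constructed with placeholder bytes.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows runs directly; .scr (screensaver) is an ordinary PE executable.
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd"}
DOCUMENT_EXTS = {".doc", ".docx", ".pdf", ".xls", ".xlsx", ".rtf"}


def classify_archive(zip_bytes):
    """Return (executables, documents) found among the archive's member names."""
    executables, documents = [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Windows ignores trailing dots and spaces, so strip them before checking.
            name = info.filename.rstrip(". ")
            ext = PurePosixPath(name).suffix.lower()
            if ext in EXECUTABLE_EXTS:
                executables.append(info.filename)
            elif ext in DOCUMENT_EXTS:
                documents.append(info.filename)
    return executables, documents


def should_quarantine(zip_bytes):
    """Quarantine any archive attachment that carries a directly executable member."""
    executables, _ = classify_archive(zip_bytes)
    return bool(executables)


def build_sample(names):
    """Constructed test archive: real member names, harmless placeholder content."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"placeholder")
    return buf.getvalue()


# Member names as reported in the post; the archives themselves are constructed here.
CAMPAIGN_LIKE = build_sample(
    ["China’s Olympic Legacy.docx", "poster.scr", "Tibet and Olympics.scr"])
BENIGN = build_sample(["agenda.docx", "budget.xlsx"])

if __name__ == "__main__":
    print(classify_archive(CAMPAIGN_LIKE))
    print(should_quarantine(CAMPAIGN_LIKE), should_quarantine(BENIGN))
```

The check works on member names only, so it catches this packaging pattern without opening or executing anything; nested archives and password-protected ZIPs need separate handling.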

    This is not the first Olympic-related threat we’ve seen, and it is highly unlikely that this will be the last. To check on these kinds of threats, you can visit Race to Security, the Trend Micro security guide to major sporting events such as the Olympics:


    Posted in Malware, Spam, Targeted Attacks | Comments Off on Spammers Use Fake Tibetan Statement on the Olympics

    This is part of a series of blog posts discussing the Chinese underground; the introductory post can be found here. The full paper can be found here.

    Broadly speaking, the Chinese underground operates with four distinct but inter-related value chains. These are:

    1. Real money theft
    2. Virtual assets theft
    3. Internet resources and services abuse
    4. Blackhat techniques, tools, and training

    We’ll discuss each chain in its own separate blog post. For now, we will concentrate on the first: real money theft.

    More and more users in China are participating in online commerce. 37.8% of Chinese Internet users, or 194 million users, had engaged in online shopping by late 2011. 167 million and 166 million users took part in online payment and online banking systems, respectively. This large volume of users engaging in commerce online, using real money and real goods, has attracted large numbers of cybercriminals.

    Broadly speaking, the chain for real money theft in China is not too different from those elsewhere, as seen in the chart below:

    There are many similarities between real money theft elsewhere and in China. Phishing, info-stealing malware, identity theft, and information theft are all part and parcel of information theft syndicates elsewhere. Similarly, the profit methods are not particularly different: money transfers and fake credit cards are to be found in prominence as well.

    Posted in Bad Sites | Comments Off on The Chinese Underground, Part 2: The Four Value Chains
