    TrendLabs Security Intelligence Blog

    Archive for October, 2012




    At TrendLabs, it has become something of a tradition for our researchers to remind readers of the things cybercriminals do to scare them into falling into their traps. After all, not only do cybercriminals take advantage of the trick-or-treating festivities to send e-cards or poison search results, but the malicious tweets, disturbing Facebook posts, and scareware that still plague users also happen all year round. We even did an infographic last year to sum up these tactics.

    Today, cybercriminal activities, hackers, and malware are just one aspect of our digital lives that we need to be scared of. So we asked ourselves: what are we really afraid of?

    A study* we recently conducted found that while 7 out of 10 users feel that it is their personal responsibility to protect their own and their family’s online security, only 4 out of 10 feel they know how to do so. Other fears and concerns that came up touch on relevant issues like privacy and data loss.

    Are these fears rooted in something? It turns out that some of our online activities may be a contributing factor after all. Worried about the information posted on your social networking account? You should be, if you don’t change your privacy settings. And did you know that according to Mashable, 1 out of 4 people in the U.S. do not back up their data at all?

    These interesting findings can be found in our latest infographic. It is interesting to note, too, that our digital “phobias” almost have the same manifestations as real-life ones (athazagoraphobia, anyone?).

    *Based on a Trend Micro survey sent to 1,000 respondents in the United States, United Kingdom, and Australia

     
    Posted in Bad Sites



    The recent launch of Windows 8 had people talking about this new OS. Naturally, cybercriminals grabbed this chance to distribute threats leveraging Windows 8 and raise terror among users – just in time for Halloween.

    We were alerted to two threats that leverage the release of this new OS. The first one is a typical FAKEAV. Detected as TROJ_FAKEAV.EHM, this malware may be encountered when users visit malicious sites.

    Read the rest of this entry »

     
    Posted in Malware, Spam



    Contrary to initial reports, JACKSBOT may not be as low risk as initially thought. We noted some JACKSBOT infections in the wild, indicating that the people behind this multiplatform malware are saving their best tricks for last.

    We analyzed the JACKSBOT backdoor family (specific detection name JAVA_JACKSBOT.A), which arrives as a Java application. Because it is a Java application, it can run on any platform that supports the Java Runtime Environment. When it was first reported, it was considered low risk and no actual infection was recorded. However, days after the report was released, Trend Micro successfully cleaned two infections: one in Australia and one in Malaysia. This indicates that the malware is now being distributed in the wild.

    There is a possibility that this malware presents itself as a Minecraft modification to unsuspecting users as it contains the special command “MC” for stealing Minecraft passwords from the compromised system.

    Using a decompiler, I was able to see how this malware performs its dirty work. As seen in the screenshot below, the malware checks the OS currently running on the system.
    Read the rest of this entry »

     



    Earlier today, we released the paper Russian Underground 101, which provides readers an overview of the Russian underground economy. The Russian underground is a key source for all sorts of illegal products and services used by criminals, which are ultimately aimed at users all over the world.

    By exploring underground resources (visiting various underground forums), we were able to determine the products and services that are most commonly traded, as well as the prices of these goods. This provides us with good insight into the Russian underground ecosystem, information which can be used to provide enhanced protection for Trend Micro customers.

    A wide variety of goods and services are sold in the Russian underground economy. These include exploit kits (which can cost several thousand dollars for well-known, effective kits), “bullet-proof” web hosting, VPN services, and custom-created malware. Business aspects of the underground (such as the pay-per-install service model) are also included.

    For full details, download the paper in full from the following link: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-russian-underground-101.pdf

     
    Posted in Malware



    Trend Micro has obtained samples of malware implicated in a recent incident that forced the Israeli police department offline. According to media reports, the severity of the attack was enough for all police computers to be taken temporarily offline last Thursday.

    The attack began with a spammed message purporting to come from the head of the Israel Defense Forces, Benny Gantz. The From field had the email address bennygantz59(at)gmail.com, and the message bore the subject “IDF strikes militants in Gaza Strip following rocket barrage” to make it appear more legitimate.

    When unsuspecting recipients open the email, they will find a .RAR file attachment, which leads to the backdoor detected by Trend Micro as BKDR_XTRAT.B. Examining the e-mail headers, the target appears to have been within the Israeli Customs agency:

    Read the rest of this entry »

     
    Posted in Malware, Spam


     

    © Copyright 2013 Trend Micro Inc. All rights reserved.