    TrendLabs Security Intelligence Blog

    Archive for October 30th, 2012




    Contrary to initial reports, JACKSBOT may not be as low risk as first thought. We noted some JACKSBOT infections in the wild, indicating that the people behind this multiplatform malware are saving their best tricks for last.

    We analyzed the JACKSBOT backdoor family (specific detection name JAVA_JACKSBOT.A), which arrives as a Java application. Because it is a Java application, it can run on any platform that supports the Java Runtime Environment. When it was first reported, it was considered low risk and no actual infections were recorded. However, days after the report was released, Trend Micro successfully cleaned two infections: one in Australia and one in Malaysia. This indicates that the malware is now being distributed in the wild.

    This malware may present itself to unsuspecting users as a Minecraft modification, as it contains the special command “MC” for stealing Minecraft passwords from the compromised system.

    Using a decompiler, I was able to see how this malware performs its dirty work. As seen in the screenshot below, the malware checks the OS currently running on the system.

     



    Earlier today, we released the paper Russian Underground 101, which provides readers an overview of the Russian underground economy. The Russian underground is a key source for all sorts of illegal products and services used by criminals, which are ultimately aimed at users all over the world.

    By exploring underground resources (visiting various underground forums), we were able to determine the products and services that are most commonly traded, as well as the prices of these goods. This provides us with good insight into the Russian underground ecosystem, information which can be used to provide enhanced protection for Trend Micro customers.

    A wide variety of goods and services are sold in the Russian underground economy. These include exploit kits (which can cost several thousand dollars for well-known, effective kits), “bullet-proof” web hosting, VPN services, and custom-created malware. Business aspects of the underground (such as the pay-per-install service model) are also included.

    For full details, download the paper at the following link: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-russian-underground-101.pdf

     
    © Copyright 2013 Trend Micro Inc. All rights reserved.