Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    October 2012
    S M T W T F S
    « Sep   Nov »
  • Email Subscription

  • About Us

    Archive for October, 2012

    We’re currently investigating several file infectors that have affected several countries, particularly Australia. Trend Micro detects these as PE_XPAJ.C, PE_XPAJ.C-1, PE_XPAJ.C-2, and PE_XPAJ.C-O.

    Based on our initial analysis, these PE_XPAJ variants connect to the following C&C servers to send and receive information:


    The infected file (detected as PE_XPAJ variants) is capable of downloading randomly generated encrypted filename for its mother and loading it to the memory. As such, the copy of the mother file can be found in Windows folder using random file name and extension. Users will notice the re-infection once these encrypted files exist again in the said Windows folder and use the same filename and extension that was employed before.

    PE_XPAJ variants infect EXE, .SCR, .DLL and .SYS files. They also infect the Master Boot Record (MBR) to automatically load itself before the OS loads. One of their payloads is click fraud. These variants have the capability to redirect users to ad-clicking scam, to generate profit for the cybercriminals.
    Read the rest of this entry »


    As we’ve seen in the case of PCs, social engineering schemes and cybercriminal activities ride on what’s popular. This quarter, we saw how the threat landscape put a price on popularity.

    We have observed a sixfold increase in the number of Android malware as the sales of Android-based devices rise. There are now almost 175,000 malicious and potentially dangerous or high-risk Android apps—showing a drastic growth from the mere 30,000 apps we saw in June. A significant increase in the mobile adware is seen. These adware are known to display ads and gather user information without their consent. With the continuous adoption of mobile devices, predictions regarding mobile attacks are becoming a reality. Amid all these, an important question persists: Do you realize that the mobile apps you use every day are basically web clients? But do you allot the same effort to secure them?

    We also discovered that cybercriminals are not letting up on what they know people will bite. They know you will continue downloading stuff from peer-to-peer (P2P) networks. That’s why they’ll continue to plague those sites. One of the most dangerous things you can end up with is ZeroAccess malware infection. ZeroAccess malware silently runs when you use Adobe Flash Player. We recorded more than 900,000 ZeroAccess malware detections to date. Popular social media sites were still plagued by survey scams. Apart from social media top-of-mind Facebook, the bad guys also targeted the highly popular photo-blogging sensation Tumblr.

    Cybercriminals also continued to trail their sights on well-known programs, Java and Internet Explorer, even using them for sophisticated advanced persistent threat (APT) campaigns. Attackers also added malicious Android application package (APK) files, the file format used to distribute and install application software and middleware in Android OSs, to their toolkits.

    We’re seeing the same pattern. The popular always comes under siege. It pays to be aware, so read more in “3Q 2012 Security Roundup: Android Under Siege: Popularity Comes at a Price” and be in the know.

    Posted in Bad Sites | Comments Off on Perils of the Popular

    Seen in the wild last July 2012, PE_MUSTAN.A spreads around less secured networks and is known to target systems with weak passwords. Its roots can be traced from WORM_MORTO.SM that proliferated a year before. While this tactic of brute forcing its way around the network is not new anymore, PE_MUSTAN’s presence proves that supposed secured networks still have glaring weak spots.

    Like all file infectors, this new breed can rapidly infect multiple files on a single machine. It tries to infect all .EXE files, with the exception of files in folders with the following names:

    • Common Files
    • Internet Explorer
    • Messenger
    • Microsoft
    • Movie Maker
    • Outlook
    • qq
    • System Volume Information
    • windows
    • winnt

    Read the rest of this entry »

    Posted in Malware | Comments Off on Weak Passwords Leave Users Vulnerable to PE_MUSTAN.A

    It’s a parent’s responsibility to ensure that wherever their children are, they remain safe, happy and secure. The Internet, in this respect, is no different than any other playground in the park or at school. It looks harmless, even magical at first glance, but could result in some spills and tears if kids are left unsupervised around it.

    Instead of bruises and cuts, however, your child may be exposed to inappropriate content, online bullying, or malware. One most recent example is the rogue version of the famous Bad Piggies game app, which lures in victims with the promise of a free version of the game. These and other threats are the troubles you will have to make sure your child steers clear away from.

    It’s with this in mind that we’ve created an e-guide that should help parents with the task of introducing their children to the world of the Internet. In this document, we’ve assembled handy, easy-to-remember tips on responsible browsing, downloading and exemplary internet etiquette, both on desktop and on mobiles. We give ample advice on what to look out for and what limits to set without making the parent seem overbearing on their child’s online activities. We also provide a list of what sites to recommend to your child, in order to ease them into what material they should expect and look for.

    Responsible, reasonable netizens aren’t born – they’re made, and it all begins with their parent guiding them.

    You can read the e-guide here. For more information about this topic, visit the Trend Micro Internet Safety For Kids blog here.

    Posted in Bad Sites, Social | Comments Off on Keep Your Children Safe Online

    “Mini Flame”, detected by Trend Micro as BKDR_FLAMER.SMA is the latest espionage tool to hit the threat landscape. But a closer look reveals that BKDR_FLAMER.SMA does not differ largely from malicious tools like PlugX and PoisonIvy.

    Because of its similarities to the Flame malware, this new tool was dubbed “mini flame”. Flame made headlines early this year because of its connection to the notorious Stuxnet and was noted for its information stealing techniques.

    Based on our analysis, BKDR_FLAMER.SMA like any other backdoor, connects to specific server to communicate to a remote user. It is capable of executing malicious commands, which includes downloading and uploading files, creating processes and invoking sleep command among others.

    Its capabilities, however, do not differ from other remote tools we have seen previously such as PlugX and its predecessor PoisonIvy. PlugX is the latest Remote Access Tool (RAT) used by the same people behind the PoisonIvy campaign that has started as early as 2008. It features noteworthy backdoor modules, enabling a remote attacker to copy, rename, or delete files and capture video and screenshots. PlugX also drops a debug log file, which documents error codes that a remote attacker may use to improve future versions.

    Mini Flame, as much as it presents serious security concerns, is hardly a threat to common users. Our own findings and media reports indicate that mini flame appears to be a highly specific attack. Trend Micro, with its Smart Protection Network™, detects and deletes this malware if found in user’s system.

    Posted in Malware, Targeted Attacks | Comments Off on Mini Flame Ignites a Flicker but Is No Wildfire


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice