    TrendLabs Security Intelligence Blog

    Archive for November 14th, 2012




    We recently documented an attack that leveraged the publicly available Xtreme RAT on targets in Israel and was widely reported in the media. Our friends at Norman were able to link the attack to a yearlong campaign against both Israeli and Palestinian targets. We have found that the attacks are still ongoing and that the target set is broader than previously thought.

    We discovered two emails sent from {BLOCKED}a.2011@gmail.com on Nov 11 and Nov 8 that primarily targeted the Government of Israel. One of the emails was sent to 294 email addresses. While the vast majority of the emails were sent to the Government of Israel at “mfa.gov.il,” “idf.gov.il,” and “mod.gov.il,” a significant number were also sent to the U.S. Government at “state.gov” email addresses. Other U.S. government targets included “senate.gov” and “house.gov” email addresses. The email was also sent to “usaid.gov” email addresses.

    The target list also included the governments of the UK (fco.gov.uk), Turkey (mfa.gov.tr), Slovenia (gov.si), Macedonia, New Zealand, and Latvia. In addition, the BBC (bbc.co.uk) and the Office of the Quartet Representative (quartetrep.org) were also targeted.


     



    News of the ‘unknown’ and underground zero-day in Adobe Reader is all over the Internet. Because of its supposed noteworthy features, including the capability to defeat Adobe’s sandbox feature, users are alarmed – and rightfully so. Fortunately, the situation is not without hope.

    With this entry, my aim is to explain to our customers what this exploit means to them and what protective measures can be implemented.

    Let us understand the threat situation first. How serious is it? There are claims of a zero-day exploit that affects versions 10 and 11 of Adobe Reader and is reportedly being sold in the underground for USD 30,000 – 50,000. Why so much money? This zero-day bypasses the sandbox protection technology that Adobe introduced in version 10. It executes even if JavaScript is disabled in the software. The only interaction it requires is for a user to open a .PDF document, and the bug is triggered when the browser is closed.

    There is news that this bug is being exploited in specific targeted attacks. There is also news that it will soon be incorporated in the notorious BlackHole Exploit Kit. Once it gets added, there is a chance of widespread exploitation via the exploit kit.


     
    Posted in Exploits, Vulnerabilities


     
