    TrendLabs Security Intelligence Blog

    Archive for December 5th, 2012




    On the heels of Yahoo!’s recent announcement of upcoming updates for the Messenger platform, certain bad guys are already taking this chance to release their own, malicious versions of Yahoo! Messenger.

    While doing my research, I encountered this particular file (detected by Trend Micro as TROJ_ADCLICK.TNH), which looks like a legitimate Yahoo! Messenger executable.

    However, when I checked its file properties, I found that it is actually an AutoIt compiled file.

    Once users download and execute this file, which is saved as C:\Program Files\Yahoo Messenger.exe, the malware checks whether an Internet connection is available by pinging Google. If the ping returns any value other than 0, it proceeds to check which Internet browser(s) the user has installed.
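A triage check for the pattern described above, added here as an example and not code from the original post: it scans a file for the AutoIt3 compiled-script marker and compares that finding with the product name the file's version resource claims. The marker string and the simplified version-resource parsing are assumptions; the sample bytes are constructed, not a real binary.

```python
"""Triage helper for the case above (constructed example, not code from the
post): flag an executable that carries an AutoIt3 compiled-script marker while
its version resource claims another product. Assumption: compiled AutoIt3
binaries embed the ASCII marker AU3!EA06 (older builds AU3!EA05)."""
import re
from typing import Dict, List, Optional

AUTOIT_MARKER_RE = re.compile(rb"AU3!EA0[56]")

def autoit_marker_offsets(data: bytes) -> List[int]:
    """Every offset at which an AutoIt3 script marker occurs."""
    return [m.start() for m in AUTOIT_MARKER_RE.finditer(data)]

def claimed_product_name(data: bytes) -> Optional[str]:
    """Read ProductName from a VS_VERSIONINFO string table (simplified:
    find the UTF-16LE key, skip its NUL and DWORD padding, read units)."""
    key = "ProductName".encode("utf-16-le")
    idx = data.find(key)
    if idx < 0:
        return None
    pos = idx + len(key)
    while data[pos:pos + 2] == b"\x00\x00":  # key terminator + padding
        pos += 2
    units = []
    while pos + 1 < len(data) and data[pos:pos + 2] != b"\x00\x00":
        units.append(data[pos:pos + 2])
        pos += 2
    return b"".join(units).decode("utf-16-le") or None

def triage(data: bytes) -> Dict[str, object]:
    """Signals a responder checks first on a lookalike executable."""
    offsets = autoit_marker_offsets(data)
    product = claimed_product_name(data)
    # AutoIt marker present, yet the product name does not admit to being AutoIt
    mismatch = bool(offsets) and product is not None and "autoit" not in product.lower()
    return {"is_pe": data[:2] == b"MZ", "autoit_marker_offsets": offsets,
            "claimed_product": product, "suspicious": mismatch}

def constructed_sample() -> bytes:
    """Not a real binary: MZ stub, version string claiming Yahoo! Messenger,
    then an AutoIt3 marker, mimicking the lookalike file in the post."""
    version = ("ProductName".encode("utf-16-le") + b"\x00\x00" + b"\x00\x00"
               + "Yahoo! Messenger".encode("utf-16-le") + b"\x00\x00")
    return b"MZ" + b"\x00" * 62 + version + b"\x90" * 16 + b"AU3!EA06" + b"\x00" * 8

if __name__ == "__main__":
    print(triage(constructed_sample()))
```

A hit here is a reason to pull the file for full analysis, not a verdict on its own.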

    Posted in Bad Sites



    Recently, I had the pleasure of attending the ZeroNights 2012 security conference. ZeroNights 2012 is an international conference that covers the technical side of information security. The main scope of the conference is to distribute information about new attack methods, threats and defense tools.

    This year’s conference took place last November 19-20 in Moscow, right in the middle of the city with both the Kremlin and the Moscow River nearby. I had some problems finding the venue as it was a bit hidden and it was rush hour, but I was (almost) on time and only missed the welcome coffee and the keynote.

    The conference itself had four tracks, and I have to admit that I was lost at times due to the choices available and had to cast lots to decide which track to go for. I would like to highlight the three presentations that impressed me the most.

    “No locked doors, no windows barred: hacking OpenAM infrastructure” by Andrey Petukhov and Georgy Noseyevich

    One of the main functional components of enterprise applications and Internet portals is an authentication and access control system (AuthC/Z). This presentation described a popular access control system called ForgeRock OpenAM.

    During the presentation, Andrey and his assistant Georg showed how it is possible to exploit Server-Side Request Forgery (SSRF) and Local File Include (LFI) vulnerabilities in the said access control system. Combining those two vulnerabilities with an XML external entity (XXE) vulnerability, they were able to read files and folders on the server side. On top of the three techniques, they wrote a simple FUSE module that reads files remotely. The FUSE module cached the files, and with ordinary shell commands it is then easy to “ls”, “cat” or even “find” everything you need on the server side.

    Posted in Exploits, Mobile



    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice