    TrendLabs Security Intelligence Blog

    Archive for December 18th, 2012




    Phishing has always been one of the most common e-mail threats, but it has now become a fairly difficult threat to detect and block. As we noted earlier in the year, the content of phishing emails has become essentially identical to legitimate messages.

    From the point of view of blocking and detecting email based on content, this is a serious issue. Because they are so similar to legitimate emails, any pattern likely to detect these phishing messages is also likely to detect many legitimate messages. This would raise the number of false positives to unacceptable levels.

    Detecting phishing emails by analyzing URLs is also a challenge, because phishing sites now go down very quickly after they go online. According to the Global Phishing Survey report for the first half of 2012, released by the Anti-Phishing Working Group, the average uptime of a phishing site is now below 24 hours, with the median uptime just below six hours. This leaves relatively limited time to analyze and detect malicious sites, potentially reducing the effectiveness of URLs for detecting phishing messages.


     
    Posted in Spam



    Developers at the XDA Developers forum have discovered a vulnerability in Android devices using the Exynos family of System-on-Chip (SoC) processors. Our researchers have independently verified the vulnerability and, as a result, we have released the relevant protection for Trend Micro Mobile Security users.

    The vulnerability allows any installed app to access the entirety of the phone’s memory. An attacker could trivially use this vulnerability to gain root access, thereby gaining complete control over the device. Potentially, this is as serious as a remote code execution vulnerability on Windows.

    The underlying cause is that Samsung’s memory device driver has no protection, leaving it open to every installed app running with default privileges. As a result, any process can read and write the whole of system memory, which may compromise the device.
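
    The root cause described above is an access-control gap on a kernel device, which can be audited from a directory listing. The script below is an added example, not code from the original post or from Trend Micro: it reads an `ls -l /dev` style listing and flags device nodes that every process can read or write. It assumes the exposure shows up as a permissive mode on a node under /dev; the node name `example-mem`, the allowlist and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag device nodes that any unprivileged process can read
# or write, given an `ls -l /dev` style listing on stdin.

# Nodes that are world-accessible by design (assumed allowlist; extend it
# for the device being reviewed).
ALLOW="null zero full random urandom tty ptmx"

# Prints "<name> <mode>" for each character or block device whose "other"
# permission bits grant read or write and that is not on the allowlist.
audit_dev_listing() {
    awk -v allow="$ALLOW" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Field 1 is the mode string; the last field is the node name.
        $1 ~ /^[cb]/ {
            other = substr($1, 8, 2)   # read/write bits for "other"
            if (other ~ /[rw]/ && !($NF in ok)) print $NF, $1
        }
    '
}

# Constructed sample listing (not taken from a real device).
SAMPLE='crw-rw-rw- root   root      1,   3 2012-12-18 10:00 null
crw-rw---- system graphics 29,   0 2012-12-18 10:00 fb0
crw-rw-rw- system graphics  1,  14 2012-12-18 10:00 example-mem
crw------- root   root      1,   1 2012-12-18 10:00 mem
crw-rw-rw- root   root      1,   9 2012-12-18 10:00 urandom'

# Runs the audit over the constructed sample.
audit_sample() { printf '%s\n' "$SAMPLE" | audit_dev_listing; }

audit_sample
```

    Only `example-mem` is reported: it is world-readable and world-writable and not on the allowlist, while `mem` and `fb0` are restricted to their owner or group.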

    Currently, the following devices and their variants are known to be vulnerable to this problem:

    • Samsung Galaxy Note
    • Samsung Galaxy Note 2
    • Samsung Galaxy Note 10.1
    • Samsung Galaxy S2
    • Samsung Galaxy S3
    • Samsung Galaxy Tab Plus

    However, it is possible that any device with an Exynos SoC that runs a newer version of Android (Ice Cream Sandwich or later) could be at risk. (Earlier versions of Android did not have the kernel device that is called in newer versions, so they are not at risk from this issue.)

    As a practical matter, there are no good steps users can take to mitigate this threat. (It is possible to download apps that disable access to system memory, but this also breaks key functions like the phone’s camera.) It is up to Samsung to patch this threat permanently.

    In the meantime, we have released a pattern which will detect apps that attempt to exploit this vulnerability. Users whose devices have Trend Micro Mobile Security are encouraged to update their devices with the latest pattern for protection until the vulnerability is fixed.

     
    Posted in Mobile


     
