
    Archive for 2012




    The beginning of 2013 is just around the corner, which means we must prepare for a fresh start. But before we prep for the new year, we must first look back at the biggest threats of 2012 – to learn from them and arm ourselves with a new, more security-conscious mindset.

    1. Blackhole Exploit Kit spam runs. The Blackhole Exploit Kit (BHEK) changed what we knew about spam phishing, because the traditional means of protection no longer work against it. We even uncovered email samples in which a victim only needs to click a malicious link to trigger the infection chain. BHEK spam runs are also known to convincingly spoof companies like Facebook, American Airlines, and Verizon in order to persuade users to open the messages.
    2. Android malware. By the end of Q3 this year, we had already seen 175,000 malicious and high-risk apps targeting Android users. Most of these pose as legitimate apps but carry hidden routines such as sending messages to premium numbers or collecting sensitive information. By 2013, we expect the number of such apps to rise to 1 million.
    3. Ransomware/Scareware. Ransomware has long been a consumer concern. This year, however, saw not only high-profile incidents but also new tactics to coax users into paying cybercriminals. One example is the rise of the Police Trojan, which locks an infected system and demands payment while posing as the victim’s local law enforcement agency.
    4. DORKBOT. New DORKBOT variants were found spreading via Skype and using legitimate file storage websites to host the malware copy. They also used messages in several languages as part of their social engineering technique.
    5. Threats leveraging the London 2012 Olympics. Global events have always been a favorite of cybercriminals, and this year was no different: we saw several attacks that took advantage of the London 2012 Olympics, including fake ticketing sites and scams that sprouted before, during, and after the event.

    The threats we saw this year show that cybercriminals and other bad actors on the Internet are becoming more aggressive. In the coming year, we also predict new challenges arising from users engaging on multiple devices and platforms (Android, Windows, iOS, etc.). With mobile malware on the rise and conventional threats growing more capable, users will find it difficult to secure all their devices and may simply forgo security altogether.

    But make no mistake: securing your Internet experience is never optional. To guide users toward a safer online experience this coming new year, we came up with the Digital Life e-Guide “A Guide to 2013 New Year’s Resolutions”. Informed by our 2013 security predictions, this e-guide aims to turn users into better and more informed netizens.

    Posted in Exploits, Malware, Mobile



    The presence of malicious apps on Google Play and other popular Android app providers remains a persistent problem. As of the first week of December, more than 1,700 malicious apps are still available on Google Play and two third-party Android app distributors.

    Though app providers have implemented certain rules to curb the spread of malicious or high-risk apps, we still see these apps being peddled on popular third-party app providers. Some have even been downloaded more than 100,000 times.

    Between December 5 and December 10, we found that a total of 1,730 malicious apps could still be downloaded from Google Play and the two other third-party app providers we observed. The chart below compares the number of unique malware samples available on these sites.

    We noted that specific malware families dominate on each site; the pie charts below show the distribution for each app provider. On Google Play, FAKEAPP variants are the most numerous. FAKEAPP are rogue or fake versions of well-known apps. Once users are tricked into installing them, these apps steal sensitive information from the device and send it to remote servers.

    On the top third-party app providers, the malicious apps users are most likely to encounter are GAPPUSIN variants. GAPPUSIN variants are known to download other malicious apps and steal information from users.

    Read the rest of this entry »

    Posted in Mobile



    We’ve been hearing much about how Africa is rapidly catching up with the rest of the world in terms of the Internet. More and more Africa-based users are now connecting to the Internet, giving them a great resource for information and an easier means for communication. Unfortunately, as more users in Africa become connected to the Internet, they become just as susceptible as the rest of the world to online threats.

    In our recently released forecasts for 2013, Raimund mentioned how Africa will become the new haven for cybercriminals. I have done some research on Africa (which I will release soon), and I very much agree with that forecast. Here are three reasons why:

    1. Great Internet availability and fast connections
      The Internet infrastructure in Africa, supported by undersea cables, is very well developed. The various ISPs in Africa can now offer their customers a variety of connections, such as 3G, 4G LTE, dial-up, DSL, fiber, and even satellite. The availability of stable and fast Internet connectivity will surely be considered valuable by cybercriminals.
    2. Read the rest of this entry »




    Iran CERT recently announced that it had uncovered a possible targeted attack using malware that wipes files and runs only during certain predefined time frames. They noted how effectively it performs its routines despite its simplistic design.

    The way this malware was created was also deemed unusual: the author wrote a series of batch files and then used a utility to convert them into an executable file.

    Detected by Trend Micro as TROJ_BATWIPER.A, this Trojan is designed to delete files found on the desktop and on drives D to I, but only when it runs on these specific dates:

    • December 10-12, 2012
    • January 21-23, 2013
    • May 6-8, 2013
    • July 22-24, 2013
    • November 11-13, 2013
    • February 3-5, 2014
    • May 5-7, 2014
    • August 11-13, 2014
    • February 2-4, 2015
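    For an incident responder, the useful thing about a date-gated wiper is that its trigger windows can be turned into a timeline check: deletion events that fall inside a window and hit the targeted locations are the ones worth pulling first. The following is an added example (not Trend Micro's code or part of the original post) that encodes the windows listed above, classifies paths by the locations the post names (the desktop and drives D to I), and correlates a constructed set of file-deletion records against them. The audit-log records, the path regexes, and the function names are assumptions made for the example.

```python
import re
from datetime import date, datetime

# Trigger windows as listed in the post (inclusive start and end dates).
TRIGGER_WINDOWS = [
    (date(2012, 12, 10), date(2012, 12, 12)),
    (date(2013, 1, 21), date(2013, 1, 23)),
    (date(2013, 5, 6), date(2013, 5, 8)),
    (date(2013, 7, 22), date(2013, 7, 24)),
    (date(2013, 11, 11), date(2013, 11, 13)),
    (date(2014, 2, 3), date(2014, 2, 5)),
    (date(2014, 5, 5), date(2014, 5, 7)),
    (date(2014, 8, 11), date(2014, 8, 13)),
    (date(2015, 2, 2), date(2015, 2, 4)),
]

# Locations the post says the Trojan targets: drives D to I and the desktop.
# Hypothetical matchers chosen for this example.
TARGET_DRIVE = re.compile(r"^[d-i]:\\", re.I)
DESKTOP_DIR = re.compile(r"\\desktop\\", re.I)


def _as_date(d):
    """Accept a date object or an ISO 'YYYY-MM-DD' string."""
    return d if isinstance(d, date) else date.fromisoformat(d)


def in_trigger_window(d):
    """True if the given day falls inside any trigger window."""
    d = _as_date(d)
    return any(start <= d <= end for start, end in TRIGGER_WINDOWS)


def next_trigger_window(d):
    """The window containing the day, or the next one after it; None once all have passed."""
    d = _as_date(d)
    for start, end in TRIGGER_WINDOWS:
        if end >= d:
            return (start, end)
    return None


def is_targeted_path(path):
    """True if the path is on drives D-I or under a Desktop folder."""
    return bool(TARGET_DRIVE.match(path) or DESKTOP_DIR.search(path))


def correlate_deletions(events):
    """Flag deletion records consistent with the Trojan: a targeted path deleted
    on a day inside a trigger window. events is a list of (iso_timestamp, path)."""
    flagged = []
    for ts, path in events:
        day = datetime.fromisoformat(ts).date()
        if in_trigger_window(day) and is_targeted_path(path):
            flagged.append((ts, path))
    return flagged


# Constructed file-deletion records from a hypothetical endpoint audit log.
SAMPLE_EVENTS = [
    ("2012-12-11T02:03:00", r"D:\reports\q3.xlsx"),            # in window, drive D
    ("2012-12-11T02:03:01", r"C:\Users\alice\Desktop\notes.txt"),  # in window, desktop
    ("2012-12-11T02:03:02", r"C:\Windows\Temp\setup.tmp"),      # in window, untargeted path
    ("2012-12-15T09:30:00", r"E:\data\archive.doc"),            # outside any window
    ("2013-01-22T00:10:00", r"F:\backup\site.zip"),             # in window, drive F
]

if __name__ == "__main__":
    for ts, path in correlate_deletions(SAMPLE_EVENTS):
        print("consistent with TROJ_BATWIPER.A window:", ts, path)
    print("next window after 2012-12-20:", next_trigger_window("2012-12-20"))
```

    Three of the five constructed records are flagged; the temp-file deletion inside the window and the drive-E deletion outside any window are left alone. The `next_trigger_window` helper is the planning side of the same data: given a confirmed infection, it tells the responder how long they have before the next activation.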

    Read the rest of this entry »

    Posted in Targeted Attacks



    Phishing has always been one of the most common e-mail threats, but it has now become a fairly difficult threat to detect and block. As we noted earlier in the year, the content of phishing emails has become essentially identical to that of legitimate messages.

    From the point of view of blocking and detecting email based on content, this is a serious issue. Because they are so similar to legitimate emails, any pattern likely to detect these phishing messages is also likely to match many legitimate messages, raising the number of false positives to unacceptable levels.

    Detecting phishing emails by analyzing URLs also presents a challenge, because phishing sites go offline very quickly after they go online. According to the Global Phishing Survey report for the first half of 2012, released by the Anti-Phishing Working Group, the average uptime of a phishing site is now below 24 hours, with the median uptime just under six hours. This leaves relatively little time to analyze and detect malicious sites, reducing the effectiveness of URLs for detecting phishing messages.
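    Both problems above can be made concrete in a few lines. The following is an added example, not code from Trend Micro or the original post. Part one runs a typical "phishing phrase" rule over a constructed set of labelled messages and reports how many legitimate messages it catches alongside the phishing ones. Part two takes the median uptime figure the post cites (about six hours) and, under the modelling assumption that site lifetimes are exponentially distributed, computes the share of phishing URLs that would still be online when a crawler visits them a given number of hours after the mail was sent. The messages, the regex, and the exponential model are assumptions made for the example.

```python
import math
import random
import re

# --- 1. Content-based detection: a phrase rule against constructed samples ---

# Constructed (label, body) pairs; not taken from the post.
CONSTRUCTED_MESSAGES = [
    ("phish", "Your account will be suspended. Please verify your account now."),
    ("phish", "Security alert: update your billing information to avoid interruption."),
    ("phish", "We detected unusual sign-in activity. Confirm your identity here."),
    ("legit", "Welcome! Please verify your account email address to complete registration."),
    ("legit", "Your card expires soon; please update your payment information in Settings."),
    ("legit", "Your monthly statement is ready to view."),
]

# A hypothetical content rule of the kind a mail filter might use.
PHISH_PATTERN = re.compile(
    r"verify your account|update your (billing|payment) information", re.I
)


def evaluate_content_rule(pattern, messages):
    """Count pattern hits against labelled messages.

    Returns true/false positive counts plus recall and the false-positive rate
    among legitimate mail, which is the number an operator has to keep low.
    """
    tp = fp = fn = tn = 0
    for label, body in messages:
        hit = pattern.search(body) is not None
        if label == "phish":
            tp += hit
            fn += not hit
        else:
            fp += hit
            tn += not hit
    return {
        "true_positives": tp,
        "false_positives": fp,
        "recall": tp / (tp + fn) if tp + fn else 0.0,
        "fp_rate": fp / (fp + tn) if fp + tn else 0.0,
    }


# --- 2. URL-based detection: site lifetime versus analysis delay ---

# Median phishing-site uptime cited in the post (APWG, first half of 2012).
MEDIAN_UPTIME_H = 6.0


def fraction_still_live(analysis_delay_h, median_uptime_h=MEDIAN_UPTIME_H):
    """Expected share of phishing sites still online when a crawler visits them
    analysis_delay_h hours after the mail was sent.

    Modelling assumption (not from the post): lifetimes are exponential, so the
    rate is ln(2)/median and the survival probability is exp(-rate * delay).
    """
    rate = math.log(2) / median_uptime_h
    return math.exp(-rate * analysis_delay_h)


def simulate_live_fraction(analysis_delay_h, n=20000, seed=1, median_uptime_h=MEDIAN_UPTIME_H):
    """Monte Carlo check of fraction_still_live using synthetic site lifetimes."""
    rng = random.Random(seed)
    rate = math.log(2) / median_uptime_h
    live = sum(1 for _ in range(n) if rng.expovariate(rate) > analysis_delay_h)
    return live / n


if __name__ == "__main__":
    print(evaluate_content_rule(PHISH_PATTERN, CONSTRUCTED_MESSAGES))
    for delay in (0.5, 2, 6, 24):
        print(f"delay {delay:>4}h: analytic {fraction_still_live(delay):.2f}, "
              f"simulated {simulate_live_fraction(delay):.2f}")
```

    On the constructed set the phrase rule catches two of the three phishing messages but also two of the three legitimate ones, which is the false-positive problem in miniature: the phrases are the same on both sides. The survival model says that with a six-hour median, a crawler that gets to a URL six hours after delivery finds half the sites already gone, and after a day only about one in sixteen is still up to be confirmed as malicious.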

    Read the rest of this entry »

    Posted in Spam



    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice