    TrendLabs Security Intelligence Blog

    Archive for January 11th, 2013




    During the past two days there has been a lot of activity and concern around vulnerabilities in two different widely used technologies: Java and Ruby on Rails.

    With this post, Trend Micro wants to help people understand the situation, the risks, and how we are protecting our customers. Additionally we want to let customers know what they can do to protect themselves.

    As we noted yesterday, there is a new zero day vulnerability affecting Oracle’s Java. The Java vulnerability situation is very serious. Because this is a zero day situation, there is no patch available from Oracle at this time. The United States Department of Homeland Security today recommended disabling Java entirely until a patch is released.

    The vulnerability is under active attack and is being targeted by hacker tools like the Black Hole Exploit Kit (BHEK) and the Cool Exploit Kit (CEK), which distribute malware, most notably ransomware like the Reveton variants.

    And while not under active attack, the Ruby on Rails vulnerabilities are also serious. We’ve seen an announcement of two critical vulnerabilities affecting Ruby on Rails in the past couple of days. Unlike the Java situation, patches are available for these vulnerabilities. Also, there are not widespread attacks against these vulnerabilities at this time. However, exploit code has been released in a module for the Metasploit framework. The availability of exploit code does mean there can be an increased risk of attacks against the vulnerability.

    It’s also worrisome to have both a serious server-side vulnerability and an actively attacked client-side zero-day vulnerability occurring at the same time. While there is no evidence of this at this time, it remains possible that attackers could utilize both of these: attack webservers using the Ruby on Rails vulnerability and then place attack code on the compromised server that targets the Java vulnerability.

    This scenario could lend itself particularly well to “watering hole” style attacks like those we outlined in our 2013 Targeted Attacks prediction and have seen recently against the current Internet Explorer vulnerability attacked over the holidays.

    Read the rest of this entry »

     



    At the upcoming 2013 Consumer Electronics Show (CES), various companies will unveil the latest gadgets and devices, from laptops, tablets, and smartphones to home automated systems and smart TVs. While these Internet-enabled devices offer convenience and accessibility, they can also introduce security risks. Previously, we have seen reports on unauthorized access by third parties on devices such as smart TVs, printers, heart devices, and coffee makers. In our blog entry, New Gadget + the Internet = New Threat, senior threats researcher Ranieri Romera posed the question of how safe it is to connect new, Internet-enabled devices to the Internet. Furthermore, he tackled how cybercriminals can potentially leverage vulnerabilities found on these devices to steal crucial user information. He also mentioned that the lack of security options in devices makes them vulnerable.

    In our infographic, The Automated Home of Tomorrow: How Vulnerable is it to Cybercrime?, we demonstrate sample devices and their possible security risk scenarios based on our research. For instance, smart refrigerators that enable users to buy their groceries online can be used by cybercriminals as an avenue to steal login credentials and order unwanted items without the user’s knowledge. On the other hand, when cars and home security systems (like CCTV cameras, door locks, etc.) are hacked, these could put users in danger. Cybercriminals can disrupt car functions, which might lead to accidents, and open homes to possible intrusion.

    Users are strongly advised to ask about the available security options and the device’s features before purchasing any gadget. It is also important for users to be more pro-security and familiarize themselves with the risks of connecting devices to the Internet. For tips and best practices, read our e-guide, A Guide to 2013 New Year’s Resolutions.

     
    Posted in Bad Sites | Comments Off



    Blackhole exploit kit (BHEK) spam attacks remain a prevalent threat to this day. In fact, it is one of the top five consumer threats for 2012 due to its use of software vulnerabilities and its social engineering tactic of leveraging companies like Verizon, Citibank, AT&T, and Western Union, among others. Furthermore, there are reports that BHEK recently released updates, which made this threat stealthier than before.

    We have continuously monitored this threat and spotted several BHEK campaigns during the holidays. However, we noticed that the perpetrators behind these campaigns took a ‘holiday break’, so to speak, since there weren’t any BHEK spam runs from December 30 until January 7.

    And now that the holidays are over, cybercriminals behind BHEK campaigns are back again, this time spoofing companies like HP, Federal Reserve Bank, and Better Business Bureau. In particular, the Better Business Bureau BHEK spam claims to be a complaint report and urges its recipients to click a link pointing to the said claim letter report. The links eventually lead to sites that host the Blackhole Exploit Kit, which we detect as JS_BLACOLE.TPY.

    Read the rest of this entry »

     
    Posted in Exploits, Spam | Comments Off


     
