Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    February 2013
    S M T W T F S
    « Jan   Mar »
     12
    3456789
    10111213141516
    17181920212223
    2425262728  
  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Archive for February 5th, 2013




    Trend Micro has been working and collaborating with law enforcement agencies such as Federal Bureau of Investigation and Office of the Inspector General (OIG) in taking down Rove Digital, an Estonia-based cybercriminal gang. Recently, Valeri Aleksejev, one of the members of Rove Digital pleaded guilty to charges of wire and computer intrusion in the District Court for the Southern District of New York in Manhattan last week.

    Aleksejev served as one of the programmers/coders for the Rove Digital operation. He is only the second person to be successfully extradited to the United States as part of the Rove Digital case. The remaining four suspects, including CEO Vladimir Tsastin, remain in Estonia pending extradition. All six were arrested in November 2011; one suspect remains at large. Sentencing for Aleksejev is expected to occur in May of this year.

    Trend Micro took part in the takedown of Rove Digital by providing information to the law enforcement regarding Rove Digital’s infrastructure. The said investigation and collaboration with industry partners and law authorities started in 2010.

    Rove Digital is known for its click-fraud activities and use of malware like DNS changer Trojans and FAKEAV to gain monetary profit to their victims. Based on our investigation, the perpetrators behind this used DNS Trojans to hijack search results, replacing ads on legitimate websites, and installing other malware. Another means for them to earn profit is installing FAKEAV to users systems. This bogus security software can even cost around $100. For more details on Trend Micro’s investigation on Rove Digital, read our paper, Operation Ghost Click: The Rove Digital Takedown.

     
    Posted in Botnets | Comments Off



    Oracle recently released a security advisory for a critical patch for Java, which updates Java 7 to Update 13. (Users of the older Java 6 also received an update, taking them to Update 39.) Accordingly, this advisory addresses several vulnerabilities for the following affected products:

    • JDK and JRE 7 Update 11 and earlier
    • JDK and JRE 6 Update 38 and earlier
    • JDK and JRE 5.0 Update 38 and earlier
    • SDK and JRE 1.4.2_40 and earlier
    • JavaFX 2.2.4 and earlier

    Fifty vulnerabilities were patched in this update. According to Oracle, one of these vulnerabilities is already being exploited in the wild, which is why the update was released early (instead of February 19 as originally scheduled).

    We believe that the targeted vulnerability is a Java Security Slider vulnerability, which is covered in CVE-2013-1489. It does not necessarily lead to exploitation but when combined with other vulnerabilities can actually lead to a ‘blind’ exploitation. For instance, when the Security Slider is set to the default (high) all unsigned applets must be authorized via a dialog box by a browser user in order to execute. This provides the browser operator the opportunity to prevent execution of suspicious applets that may result in successful exploits. However, when CVE-2013-1489 is combined with vulnerabilities that can be used to cause direct impacts, the effect can be that the impact can be caused “silently” without the authorization dialog box.

    Read the rest of this entry »

     
    Posted in Exploits, Vulnerabilities | Comments Off


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice