    TrendLabs Security Intelligence Blog

    Archive for February 22nd, 2013




    In the course of our threat research, we’ve encountered different types of social engineering lures that aim to trigger different emotions such as fear and happiness. These lures are often effective, as we’ve seen happen in several incidents in the past. However, they are also easily recognizable as they often use a common theme, be it a recent event or an ongoing season.

    There are also other techniques that use a different, more sober approach. These techniques do not aim to trigger alarm, but instead try to avoid it. They try to blend into their intended victims’ normal behavior or use their interests in order to get them into schemes. And though these techniques are far less alarming in terms of the message they bring, they are harder to detect, and often more sinister.

    An example of this is the watering hole technique, which was used recently in an attack that ended up affecting companies such as Facebook and Apple. With a mobile developer forum chosen as the watering hole, the lure was almost passive: it did not need any means to get the victims to visit the site. The site was strategically chosen because visiting it was already known to be a part of the victim’s normal routine.

    Earlier this week, we also saw reports of an attack wherein the name of the report recently released by Mandiant is being used as the lure. The message related to the attack comes as a recommendation from the sender to read the article, along with a PDF file which supposedly is the report itself (in reality, of course, the file is malicious: a PDF exploit we detect as TROJ_PIDIEF.EVF). We were also alerted to news regarding another threat using the Mandiant report, which supposedly targeted journalists. Detected as TROJ_PIDIEF.EVE, this malware drops the non-malicious .PDF file, Mandiant_APT2_Report.pdf, and a backdoor detected as BKDR_POISON.EVE.


    Figure 1. Screenshot of the dropped .PDF file


    Figure 2. TROJ_PIDIEF.EVE drops this non-malicious .PDF file


     
    Posted in Bad Sites, Targeted Attacks


     

    © Copyright 2013 Trend Micro Inc. All rights reserved.