Last week, Trend Micro found malware samples that had been signed with digital certificates belonging to two software companies that develop specialized software. Since the two digital certificates are used by developers making very specialized products, this can increase the chances that this attack will succeed.

We have identified several samples that were signed with these compromised certificates, which we detect as TROJ_KRYPT.SMMV or TSPY_KRYPTIK.NO. We do not know if the same author was responsible for both attacks, although they do share similarities.

Both attacks used Java exploits to get onto the affected systems, which we detect as JAVA_EXPLOIT.SO and JAVA_EXPLOIT.EOJ. It’s worth noting that the exploits used here rely on vulnerabilities from early 2012, so a patched Java install would have helped protect users.

In addition, they also used a similar packaging tool. This allows different types of malware to be launched into the memory of infected system without actually dropping the physical malware file. In addition, it makes it possible to re-use old malware code, since the packaging tool will produce an entirely different file from any original (detecting) malicious code, evading detection.

Read the rest of this entry »

Over the course of the past few weeks, we’ve talked a lot Advanced Persistent Threats (APT), and how such threats require a different class of protection in order to be managed effectively.

There can be no doubt that APT attacks are a real threat. Such threats are unpredictable in nature, could lead to devastating consequences, and could affect just about any organization. The recent work from ISACA on the 2012 Advanced Persistent Threat (APT) Awareness Study shows 63% of security professionals said they were or could be a target for APT attacks. That alone says that people in the know are taking this threat seriously.

But that survey also showed that fewer than 10% of those surveyed understood that these threats are significantly different from traditional threats. Awareness of the problem is a good start. But there’s work to be done to increase awareness around solutions.

As part of our ongoing work to help educate people about threats as well as solutions, we’ve partnered with Forrester Research on a new study: Mitigating Targeted Attacks Requires an Integrated Solution. This study surveyed 350 IT enterprise security decision-makers in the US, UK, France, and Germany, asking them about their technology expectations for targeted threat detection and response. It outlines some of the effective steps organizations are taking to protect themselves from APT attacks. In addition, it also highlights some areas of caution too: most notably that a number of organizations are still focusing resources in the wrong direction to protect against APT attacks.

Read the rest of this entry »