Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    March 2013
    S M T W T F S
    « Feb   Apr »
     12
    3456789
    10111213141516
    17181920212223
    24252627282930
    31  
  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Archive for March 20th, 2013




    On March 20, several attacks hit various South Korean government agencies and corporations, resulting in major disruptions to their operations. The incident started when several of their computer screens went black, while others were showing images of a skull and a “warning”.

    However, Trend Micro was able to protect our enterprise users in Korea against this threat. We have determined two separate scenarios that are related to this event and how our solutions averted and can help customers prevent the said threat.

    Two of our threat discovery solutions – Deep Discovery Inspector and Deep Discovery Advisor – heuristically detected and reported malicious traffic and messages sent to two Trend Micro customers, which we later determined to be related to this attack. Because our solutions were able to detect this attack, this gave customers actionable intelligence (information such as malware’s dropped files, malicious URL, to name a few) that enabled them to take appropriate actions and mitigate the risk of the attack. Our threat discovery solutions detected this threat as HEUR_NAMETRICK.B in ATSE 9.740.1012.

    In a different scenario, we have acquired several samples (detected as TROJ_KILLMBR.SM), which we believe were responsible for the reported blank computer screens that occured in certain South Korean entities. This malware overwrites the Master Boot Record (MBR), with a series of the words HASTATI. and PRINCPES. In normal usage, the MBR contains information necessary for any operating system to boot correctly. It then automatically restarts the system. When the system restarts, due to the damaged MBR, the system is unable to boot.

    Read the rest of this entry »

     


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice