    TrendLabs Security Intelligence Blog

    Archive for April 23rd, 2013




    There’s a saying in journalism: report the news, don’t be the news.

    Unfortunately today the Associated Press (AP) ran afoul of that rule by having their Twitter account hijacked.

    In good journalistic fashion, they’re telling their own story quickly and with as many facts as possible. It sounds like they saw a phishing attack against their network just before the account was hijacked. While they don’t connect the two, it’s certainly a possibility that this is how the attackers got control of AP’s credentials.

    Once the attackers had control, they used it to send out a bogus tweet claiming there had been explosions at the White House that injured President Barack Obama. Proving that social media and Twitter hacking have real-world consequences, the Dow Jones average dropped 143 points on the news (but later recovered). The account and other AP accounts have been suspended while AP works with Twitter to verify they have control of the accounts.

    Posted in Social



    Evasion is always a goal of cybercriminals. They are not above misusing legitimate sites and services to hide malicious activities. One recent example is BKDR_VERNOT.A, which tried to use Evernote to hide its activities. Another variant of this malware was recently spotted, but this variant uses a Japanese blogging platform as its command-and-control (C&C) server, to which it was able to log in successfully.

    Network activity of BKDR_VERNOT.B

    BKDR_VERNOT.B logs in and creates a draft that uses the affected machine’s computer name as its title. It then adds the text “$_$Today is a very important day for me.$” and the date and time the malware was executed to the created draft.

    It may use the drafts as a drop-off point for stolen information, as well as its C&C server, from which it gets its backdoor commands. The stolen information includes the computer’s OS information, time zone, and user name.

    After getting commands from the blog account, the malware may execute the following backdoor commands:

    • Download files
    • Execute files
    • Rename files
    • Extract archive files
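The draft described above has two observable traits: the quoted marker text and a title equal to the machine's computer name. The following detection sketch is an added example, not code from Trend Micro. It assumes decrypted proxy records of form-encoded POSTs; the field names `title` and `body`, the record layout, the host `blog.example`, and the sample hostnames are all hypothetical.

```python
import re
from urllib.parse import parse_qs, urlencode

# Marker text quoted in the post; field names and log layout are assumptions.
MARKER = "$_$Today is a very important day for me.$"
# Loose date-and-time pattern (the exact format is not given in the post).
TIMESTAMP = re.compile(r"\d{1,4}[-/.]\d{1,2}[-/.]\d{1,4}\D+\d{1,2}:\d{2}")

def check_post(record, hostnames):
    """Return the indicators a proxied POST shares with the described draft."""
    fields = parse_qs(record["body"], keep_blank_values=True)
    title = fields.get("title", [""])[0]  # hypothetical form field
    text = fields.get("body", [""])[0]    # hypothetical form field
    reasons = []
    if MARKER in text:
        reasons.append("marker")
        # Assumes the execution date and time follow the marker text.
        if TIMESTAMP.search(text.split(MARKER, 1)[1]):
            reasons.append("timestamp-after-marker")
    if title.lower() in {h.lower() for h in hostnames}:
        reasons.append("title-is-hostname")
    return reasons

def triage(records, hostnames):
    """Return (client, host, reasons) for every POST carrying the marker."""
    hits = []
    for rec in records:
        if rec["method"] != "POST":
            continue
        reasons = check_post(rec, hostnames)
        if "marker" in reasons:
            hits.append((rec["client"], rec["host"], reasons))
    return hits

# Constructed sample data: decrypted proxy records and an asset inventory.
HOSTNAMES = ["ws-fin-042", "ws-hr-007"]
SAMPLE = [
    {"client": "10.0.0.15", "host": "blog.example", "method": "POST",
     "body": urlencode({"title": "WS-FIN-042",
                        "body": MARKER + " 2013-04-23 10:15:02"})},
    {"client": "10.0.0.22", "host": "blog.example", "method": "POST",
     "body": urlencode({"title": "Lunch ideas",
                        "body": "Today is a very important day for me."})},
    {"client": "10.0.0.15", "host": "blog.example", "method": "GET", "body": ""},
]

if __name__ == "__main__":
    for hit in triage(SAMPLE, HOSTNAMES):
        print(hit)
```

A hit that carries all three indicators points at the client address to investigate; a marker-only hit is still worth review, since the title check depends on the completeness of the hostname inventory.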

    Posted in Malware


     

    © Copyright 2013 Trend Micro Inc. All rights reserved.