Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    May 2013
    S M T W T F S
    « Apr   Jun »
     1234
    567891011
    12131415161718
    19202122232425
    262728293031  
  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Archive for May, 2013




    The World Cancer Research Fund has recently released its statement about a story being circulated in social media and blogs concerning processed meat and cancer. The said piece was so widespread that they had to step in and make their official statement. But what is striking is how users get their information these days.

    It is no surprise that social media is now considered a formidable news source, with most people sharing, tweeting, pinning stories and news items on their accounts. None has this in spades more than Facebook, which has an estimated billion active users per month and 4.7 million content items shared by its users everyday.

    Because of the impressive online presence (like in social media), cybercriminals see this as a potential moneymaker. More users equal more possible victims. And just this May, we’ve seen several noteworthy threats that prove that the bad guys are not slowing down:

    • Early in May, we reported about several fake Iron Man 3 streaming sites sprouting across the web employing social media – in this case, Tumblr and Facebook – to spread their baits. Such social engineering tactics continue to work because these summer flicks appeal to users.
    • Because of their increasing popularity, it’s not a surprise to see scams for mobile platform. Just this month, we noted the fake free Instagram followers ruse, which in the end leads users to download a malware that gathers and sells the data stolen from the infected device.
    • As majority of financial transactions these days are done over the Internet (e.g. online banking, shopping etc.), banking and e-commerce sites are natural cybercrime targets. Just a few weeks ago, we saw how online banking users in Brazil were targeted by cybercriminals using fake homemade browser. From this incident, we uncovered the use of effective social engineering tactics that lured users to unintentionally disclose their Banco do Brasil login credentials.
    • We also saw how mobile ads in Android apps led to scam sites aimed at defrauding users and stealing their money. Although the incident was limited to Chinese users, it’s highly plausible similar attacks could occur in other parts of the world.

    But the immediate question that comes to mind is how big web threats are. In our infographic, Are You Safe Online?, we provide an overview of the current threat landscape vis-à-vis the boom in contemporary online engagement. Based on this, we noticed a direct correlation between the two: the more we do things online, the more threats are likely to materialize.

    The upside to all this is that we see more software vendors, social media sites and organizations offering added and improved security measures. But as commendable as these developments are, users must also do their share.

    As June is declared as the National Internet Safety Month by the National Cyber Security Alliance, Internet users are reminded of simple steps that they can do to stay safe. Other practices like bookmarking reputable sites and regular system updating can go a long way. Treat your mobile devices like your PC that can be open to online threats.

    To check out the full infographic, please click the thumbnail below:

     
    Posted in Malware, Social, Spam | Comments Off



    One of the biggest issues of the Android OS is its fragmentation problem. We’ve covered this before – about how almost all Android updates have to pass through both device manufacturers and service providers before getting to end users. Unfortunately, this process is not quick or assured, which results in fragmentation: multiple versions of Android are present and in use.

    This results in a many users being stuck with an outdated version of Android that may be riddled with vulnerabilities and security flaws. As of May 1, only 2.3% of Android devices in use are actually on the latest version, with more than a third still using Gingerbread – a version last updated in September 2011, and known to have 3-11 vulnerabilities, with the exact number depending on the specific version.

    Leaving users on older versions of Android has two consequences: vulnerabilities are left unpatched, and new features won’t reach them. At this year’s Google I/O developer conference, Google announced plans to fix at least part of this problem: instead of rolling out a new version, they instead announced updates to core apps. This allows them to add new features to Android, while at the same time not needing to push a completely new version out to users. It does not solve all potential problems due to fragmentation, but it’s a step in the right direction.

    Out latest monthly mobile report looks at this issue in full. It discusses the root of the problem itself, why it’s become a long-standing complaint, and how it may be a problem that may take Google a very long time to straighten out. Find out what you can do to help secure yourself and your device better if you are affected by this problem.  We also have our infographic for an illustrated glance at the issue.

     
    Posted in Mobile | Comments Off



    Last January, we talked about a critical vulnerability in Ruby on Rails (CVE-2013-0156). At the time, we pointed out that there was no known attack, but because its code had been released as part of the Metasploit exploit framework and that this would increase risks of an attack moving forward. It was only a matter of time before this can be used in an attack in the wild. We strongly urged server administrators to patch their Ruby on Rails software to the latest, patched versions.

    At the time, we noted that Trend Micro Deep Security has protected users from the said vulnerability via the following DPI rules:

    • 1005331 Ruby On Rails XML Processor YAML Deserialization DoS
    • 1005328 Ruby On Rails XML Processor YAML Deserialization Code Execution Vulnerability

    These rules allow Deep Security to block network traffic that is related to this vulnerability, preventing any exploitation of the security flaw.

    Fast forward to May 28 this year: an exploit in-the-wild was found targeting the said vulnerability. The vulnerability was used to gain access to the affected systems and make them part of an IRC botnet. (The malicious payload is detected as ELF_MANUST.A.)

    Despite the vulnerability being several months old, it was still exploited very heavily in the past week. The answer is simple: not everyone patches regularly for various reasons. Security administrators have to consider several aspects, such as business continuity. Other factors may include making sure that patches actually work, and delays due to unexpected system behaviors that may occur once updates are implemented. To know more about this, you may read our report Monitoring Vulnerabilities: Are Your Servers Exploit-Proof?.

    This case, however, illustrates the downside of not patching: systems are put at increased risk, particularly if vulnerability shielding solutions are not integrated into existing systems. We will continue to monitor this threat and release updates as needed.

     
    Posted in Exploits, Hacked Sites | Comments Off



    The problem of mobile device theft has become sufficiently severe that legislators have decided to file bills discussing it. Last week, US Senator Charles Schumer re-filed Mobile Device Theft Deterrence Act of 2013, which makes modifying a device’s International Mobile Equipment Identity (IMEI) number a crime punishable by up to five years in federal prison. In theory, this is supposed to make it more difficult for stolen devices to be reused and thus less appealing. The CTIA, a trade group representing the wireless industry, has spoken out in support of the bill.

    Having one’s mobile device stolen has real costs. Replacing a phone can cost hundreds of dollars; any data on the device may be either lost or stolen. Enterprises particularly care about the latter problem, an item we discussed in the report Embracing BYOD: Are You Exposing Critical Data?.

    Even if the bill was passed, it’s unclear how much impact it would have, given how many stolen devices end up “exported” abroad. (Stolen goods being “exported” is not limited to electronics; for example, stolen cars have long been exported to places like Albania, Africa, and other less developed parts of the world.)

    The bigger issue is that other solutions to try and “fix” this problem may actually weaken mobile device security, not strengthen it. It’s frequently suggested that “remote kill” systems that would remotely disable stolen devices be included in new devices. However, these are very problematic from a security perspective: it would mean that the capability to remotely administer a device would have to be built into the device: i.e., a backdoor. If the capability to remotely kill a device is built into a product, it has to be assumed that a sufficiently determined attacker can access it and do what they with that capability.

    There’s also the thorny issue of who would hold the keys: both end user and organizations can be socially engineered and end up with a malicious attacker disabling (or just threatening to disable) a device. We’re supposed to make devices more secure over time, not less; a “remote kill” system brings with it very real potential problems. It may be better to focus on locating the device after it has been stolen; this capability is already built into iOS and Windows Phone, but not Android.

    The real solution to the problem of stolen devices may be found by treating it as a police problem and not necessarily a technological one. Any proposed solution to device theft has to take all mobile security problems into consideration; the law of unintended consequences may strike again.

    Using technology to solve a crime problem may only go so far.

    We’re trying to make the Security Intelligence Blog better. Please take this survey to tell us how.

     
    Posted in Mobile | Comments Off



    Since its introduction in late 2012, Windows 8 has proven to be perhaps the most controversial version of Windows in recent memory. Much of the controversy is a direct result of its user interface, which represents a departure from the traditional desktop that’s been in use for many years. This debate has caused the other features of Windows 8 and its ARM-based cousin, Windows RT, to receive far less attention. These other features must be considered in deciding whether to migrate to Windows 8.

    From a security perspective, the picture is mixed. Some features such as improved Unified Extensible Firmware Interface (UEFI) support, enhanced Address Space Layer Randomization (ASLR) support, picture passwords, and Internet Explorer 10 all help improve the new OS’s security. Windows To Go – a way to incorporate a fully managed Windows 8 image on a USB device – is meant to improve BYOD support. Not all these features work as well as one would think, however. For example, the UEFI protection has been bypassed by proof of concept attacks. In addition, the drastically different UI can make things difficult for users. All these needs to be considered by users and organizations making decisions about whether to migrate or not.

    Our new report, Windows 8 and RT: New Beginnings, goes over the new features in Windows 8, paying particular attention to new security features.  The report gives readers a good grasp of these new features and provides the information needed to decide whether to migrate to this new version or not. The full copy of the report may be found by clicking the link here.

    We’re trying to make the Security Intelligence Blog better. Please take this survey to tell us how.

     
    Posted in Data | Comments Off


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice