    TrendLabs Security Intelligence Blog

    Archive for January 14th, 2014

    The first Patch Tuesday of the year is relatively light, with Microsoft rolling out only four bulletins for the month. Despite the small figure, users must update their systems immediately to avoid possible threats leveraging software vulnerabilities.

    Included in this month’s release are updates for three privately reported vulnerabilities found in Microsoft Office. If exploited, these vulnerabilities could allow an attacker to gain the same user rights as the current user. Such access could prove damaging, especially to those with administrative user rights.

    This month’s release also addresses two vulnerabilities that deal with elevation of privilege. The last bulletin addresses an issue affecting Microsoft Dynamics AX that can allow denial of service if the vulnerability is exploited.

    January 2014 marks one of the last months that Windows XP will receive patches. As previously reported, Microsoft is ending its support of this particular OS in April 2014, only a few months away. Users and enterprises should seriously consider migrating to later versions of Windows to continue receiving patches for vulnerabilities.

    Two other tech companies have also released patches and updates. Oracle has rolled out a Critical Patch Update containing 144 new vulnerability fixes for multiple products. Adobe, meanwhile, released fixes for Adobe Flash Player, Adobe Reader, and Adobe Acrobat.

    Users are advised to apply these security updates as soon as possible, as well as visit the Trend Micro Threat Encyclopedia page.

    Posted in Vulnerabilities


    Over the holidays, it was reported that malicious ads had appeared on various Yahoo sites and affected users in Europe. Two claims about this attack have been made: first, that it affected “millions” of users, and secondly, that it was used to plant Bitcoin miners on affected computers. Some of these claims may be a bit overstated, and the coverage may not have been able to give a more complete picture of the threat.

    We can’t say for certain just how many users were exposed to this attack. However, it’s worth noting that users with up-to-date versions of Java would have been protected. We identified two Java vulnerabilities – CVE-2012-0507 and CVE-2012-4681 – that were used in this attack to plant various malicious payloads on user systems. (It is believed that these vulnerabilities were delivered by the Magnitude Exploit Kit, one of the successors to the infamous Blackhole Exploit Kit.) However, both of these vulnerabilities have been patched for a fairly long time: the first vulnerability was patched in February 2012; the other was patched in August 2012.

    Similarly, while Bitcoin miners may have been part of the potential payloads, it was far from the only one. We identified multiple malware threats as payloads. These included DORKBOT and GAMARUE variants, as well as TROJ_OBVOD.AY, which is used in click fraud schemes. The payloads that were delivered to users were quite diverse.

    Aside from keeping their software patched, well-designed security products can help keep users safe. For example, the browser exploit prevention technology that is part of our existing products is able to protect users against this particular attack. This technology analyzes scripts and other web objects that run in the browser and uses heuristic analysis to determine whether they are malicious. This protects users even if the updated software is not present on a user’s system. It is not a replacement for keeping software up to date, but well-thought-out endpoint security is very useful in increasing the available “defense in depth” for users.

    While the infection vector may have been out of the ordinary, the attack itself was not. Basic good computing practices – such as keeping software updated and using a well-built security product – would have reduced the risk for end users tremendously. It’s an excellent reminder for users to follow safe computing practices.

    With additional analysis from Kai Yu.

    © Copyright 2013 Trend Micro Inc. All rights reserved.