
    Author Archive - Bernadette Irinco (Technical Communications)




    Microsoft has recently released a patch to address the zero-day exploit affecting certain versions of Internet Explorer. The exploit was found hosted on the compromised Council on Foreign Relations website. When exploited, this IE vulnerability could allow attackers to execute arbitrary code, compromising the security of affected systems. This vulnerability only affects older versions of Internet Explorer (i.e. 6, 7, and 8); Internet Explorer versions 9 and 10 are not affected. Microsoft had initially provided workarounds until the patch was released yesterday.

    Last week we also received reports of a zero-day exploit affecting Java. The exploit was used by cybercriminal toolkits such as the Blackhole Exploit Kit (BHEK) and the Cool Exploit Kit (CEK). Based on our investigation, the exploit code (detected as JAVA_EXPLOIT.RG) leads to the download of REVETON malware, or police ransomware. In response to this zero-day exploit, a Java software update has been issued. Prior to this release, the U.S. Department of Homeland Security recommended that users disable Java in their web browsers to protect their systems against attacks leveraging this vulnerability.

    Posted in Vulnerabilities



    A new zero-day exploit in Java has been found in the wild. Currently, this exploit is being used by toolkits like the Blackhole Exploit Kit (BHEK) and the Cool Exploit Kit (CEK).

    CEK is the creation of the same author responsible for Blackhole Exploit Kit. It appears to be a high-end version of the more accessible BHEK. Zero-day exploits are first incorporated into CEK and only added into BHEK once they have been disclosed. It has been reported that CEK was being used to distribute ransomware, particularly Reveton variants.

    Currently, we detect the exploits as JAVA_EXPLOIT.RG, with the sites that load this exploit code detected as HTML_EXPLOIT.RG. The Reveton payloads are detected as TROJ_REVETON.RG and TROJ_REVETON.RJ.

    Posted in Exploits, Vulnerabilities



    To jumpstart the new year, both Microsoft and Adobe released their security updates today. Microsoft, in particular, released seven bulletins to address 12 vulnerabilities, while Adobe issued its fix for Adobe Reader and Acrobat.

    Two of the seven bulletins from Microsoft are tagged as Critical because they could lead to remote code execution, in which a successful attacker can execute malware on vulnerable systems. The other five are rated Important; three of these could allow an attacker to gain administrator privileges.

    What is noteworthy, however, is the absence of a security update for the unpatched vulnerability in Internet Explorer reported last December. Just before 2012 ended, we blogged about the incident, in which the Council on Foreign Relations website was compromised to host a zero-day exploit for a use-after-free vulnerability in IE. To address this issue, Microsoft opted to release a workaround.

    Posted in Vulnerabilities



    Before the year ends, Microsoft has released seven bulletins, five of which are rated Critical. Overall, these bulletins address 11 vulnerabilities. The Critical bulletins resolve vulnerabilities in Microsoft Windows, Word, Internet Explorer and Windows Server; the remaining two bulletins address issues in Microsoft Windows. If successfully exploited, the vulnerabilities covered by the Critical bulletins may allow attackers to execute malicious code on vulnerable systems, compromising their security.

    Two of the notable bulletins in this batch are MS12-078 and MS12-079. MS12-078 addresses vulnerabilities in Microsoft Windows that can be exploited through a specially crafted document or through a malicious website with embedded TrueType or OpenType font files. MS12-079, on the other hand, covers a vulnerability that can be exploited via a specially crafted .RTF file.

    Just last week, Trend Micro released security updates to address several zero-day exploits targeting Oracle MySQL server. As of this writing, the underlying vulnerabilities remain unpatched by the vendor.

    Users are strongly advised to keep their systems updated, especially during the holiday season, as cybercriminals can leverage these vulnerabilities to infect systems with malware. Cybercriminals typically employ old vulnerabilities as part of their attacks. Case in point: the RTF Stack Buffer Overflow Vulnerability (CVE-2010-3333), addressed in MS10-087, was used in a targeted attack against NATO’s NSHQ.

    Trend Micro Deep Security and OfficeScan with the Intrusion Defense Firewall (IDF) plugin protect users against threats leveraging these vulnerabilities. For more information on the bulletins and their IDF rules, visit the Threat Encyclopedia page.

    Posted in Vulnerabilities



    Apart from keeping servers and endpoints secure, IT teams in enterprises also have to make sure that day-to-day business operations run smoothly. With this in mind, IT groups often delay installing security updates after software vendors release them, for several reasons. For one, applying patches often requires restarts of mission-critical servers, and at times services must be taken offline. Testing and actual deployment of patches may also take 30 days or more, because IT teams first need to research the effects of these patches.

    Ultimately, the need to avoid business disruption in order to meet SLAs and reduce operating costs can force the IT teams in charge of security to deprioritize patch management. In short, operational concerns and compliance mandates tend to prevail over security.

    As a result, this introduces windows of exposure that lead to the following security risks:

    • Zero-day exploits: exploits that leverage vulnerabilities before the vendor announces them and releases a patch
    • “Buggy” or incomplete vendor patches: flawed patches released by a software vendor to fix a vulnerability
    • In-the-wild exploits: cybercriminals often use exploits as an infection vector or delivery mechanism

    Posted in Vulnerabilities



    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice