
    Author Archive - Bernadette Irinco (Technical Communications)




    Before the year ends, Microsoft releases seven bulletins, five of which are rated as critical. Overall, these bulletins address 11 vulnerabilities. The Critical bulletins resolve vulnerabilities found in Microsoft Windows, Word, Internet Explorer and Windows Server. The remaining two bulletins address issues in Microsoft Windows. If successfully exploited, the vulnerabilities covered by the critical bulletins may allow attackers to execute malicious code on vulnerable systems, thus compromising their security.

    Two of the notable bulletins in this batch are MS12-078 and MS12-079. MS12-078 addresses vulnerabilities in Microsoft Windows that can be exploited through a specially crafted document or through a malicious website that has embedded TrueType or OpenType font files. On the other hand, MS12-079 can be exploited via a specially crafted .RTF file.

    Just last week, Trend Micro released security updates to address several zero-day exploits targeting Oracle MySQL server. As of this writing, the vulnerabilities themselves remain unpatched.

    Users are strongly advised to keep their systems updated, especially during the holiday season, as cybercriminals can potentially leverage these vulnerabilities to infect user systems with malware. Cybercriminals typically employ old vulnerabilities as part of their attacks. Case in point: the RTF Stack Buffer Overflow Vulnerability (CVE-2010-3333), addressed in MS10-087, was used in a targeted attack against NATO’s NSHQ.

    Trend Micro Deep Security and OfficeScan with the Intrusion Defense Firewall (IDF) plugin protect users against possible threats leveraging these vulnerabilities. For more information on the bulletins and their IDF rules, visit the Threat Encyclopedia page.

    Posted in Vulnerabilities



    Apart from keeping servers and endpoints secure, IT teams in enterprises also make sure that day-to-day business operations run smoothly. With this in mind, IT groups often delay installing security updates once software vendors release them, for several reasons. For one, applying patches often requires restarts of mission-critical servers, and at times services must go offline. Testing and actual deployment of patches may also take 30 days or more, because IT teams also need to research the effects of these patches.

    Ultimately, the need to avoid business disruption in order to meet SLAs and reduce operation costs can force IT teams in charge of security to deprioritize patch management. In short, operational concerns and compliance mandates tend to prevail over security.

    As a result, these delays introduce windows of exposure that lead to the following security risks:

    • Zero-day exploits: exploits that leverage vulnerabilities before vendor announcement and patch release
    • “Buggy” or incomplete vendor patch: flawed patch released by software vendor to fix a vulnerability
    • In-the-wild exploit: cybercriminals often use exploits as an infection vector or delivery mechanism

    Read the rest of this entry »

    Posted in Vulnerabilities



    This month, Microsoft releases six security bulletins, four of which are rated as critical. Included in this release is MS12-071, which addresses vulnerabilities in Internet Explorer. These vulnerabilities could lead to remote code execution via a specially crafted website. As such, a remote attacker who exploits them can end up gaining the rights of the logged-on user, thus compromising the security of the system.

    Microsoft also addressed vulnerabilities affecting the newly released Windows 8 and Windows RT. Windows RT is the OS running on Windows tablets. Other notable security bulletins are MS12-076, which addresses vulnerabilities in Microsoft Excel, and MS12-075, which could allow remote code execution with kernel privileges.

    In other news, there were reports of a zero-day exploit targeting Adobe Reader. The exploit is said to be sold in the cybercriminal underground and used by the cybercriminals behind the Blackhole exploit kit. TrendLabs researchers are continually monitoring and investigating this for any developments.

    Trend Micro Deep Security and OfficeScan with the Intrusion Defense Firewall (IDF) plugin actively protect users against possible threats leveraging these vulnerabilities. For more information on the bulletins and their IDF rules, visit the Threat Encyclopedia page.

    Posted in Vulnerabilities



    DORKBOT, also known as NgrBot, is not a new threat. In fact, it was seen in the wild as early as 2011. Yet last week, DORKBOT made the news for spreading via spammed Skype messages, and has now reached more than 17,500 reported infections globally. So what is DORKBOT, really?

    A worm with multiple propagation routines

    DORKBOT typically spreads in several ways: social media (such as Facebook and Twitter), instant messaging applications (Windows Live Messenger, mIRC, and now Skype), and via USB drives.

    When propagating via social media and instant messaging applications, DORKBOT variants initially connect to the website http://api.wipmania.com/ in order to get the affected system’s IP address and location. This is done in order to pick the appropriate language for the propagation messages sent over instant messaging applications or social networks. In the Skype attack, however, the DORKBOT variants (WORM_DORKBOT.IF and WORM_DORKBOT.DN) check the system locale in order to select the language.

    Here are some of the messages used, based on our analysis:

    • lol is this your new profile pic
    • hej to jest twój nowy obraz profil?
    • eínai aftí i néa fotografía profíl sas?
    • это новый аватар вашего профиля?))
    • سؤال هي صورتك ؟
    • moin, kaum zu glauben was für schöne fotos von dir auf deinem profil
    • hej er det din nye profil billede?
    • hej je to vasa nova slika profila
    • hey is dit je nieuwe profielfoto?
    • hei zhè shì ni de gèrén ziliào zhàopiàn ma?
    • tung, cka paske lyp ti nket fotografi?
    • hey c’est votre nouvelle photo de profil?
    • hey é essa sua foto de perfil? rsrsrsrsrsrsrs
    • ¿hey esta es tu nueva foto de perfil?
    • ni phaph porfil khxng khun?
    • hej detta är din nya profilbild?
    • hey è la tua immagine del profilo nuovo?
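    The two behaviours described above (the geolocation lookup before propagation and the fixed, per-language lure text) are both observable on a network, so a defender can correlate them. The following is an added example, not code from the post or from Trend Micro: it normalizes IM messages so that capitalization and punctuation variants still match a subset of the lure templates listed above, flags proxy requests to the geolocation host named in the post, and reports per host which indicators were seen. The log formats, host names and sample messages are constructed for the example.

```python
import unicodedata
from collections import defaultdict

# Subset of the lure templates quoted in the post; the other locales work the same way.
LURES = [
    "lol is this your new profile pic",
    "hej to jest twój nowy obraz profil?",
    "hey c'est votre nouvelle photo de profil?",
    "¿hey esta es tu nueva foto de perfil?",
    "hey è la tua immagine del profilo nuovo?",
]
# Geolocation service the variants query before choosing a language (named in the post).
GEOIP_HOST = "api.wipmania.com"

def normalize(text: str) -> str:
    """Casefold, replace punctuation and symbols with spaces, collapse whitespace,
    so extra '?', smart quotes or capitals do not defeat the match."""
    text = unicodedata.normalize("NFKC", text).casefold()
    text = "".join(" " if unicodedata.category(c)[0] in "PS" else c for c in text)
    return " ".join(text.split())

NORMALIZED_LURES = {normalize(lure) for lure in LURES}

def is_lure(message: str) -> bool:
    """True if the message, once normalized, equals a known DORKBOT lure."""
    return normalize(message) in NORMALIZED_LURES

def analyze(im_log, proxy_log):
    """im_log: (host, message) tuples; proxy_log: (host, destination_hostname) tuples.
    Returns {host: set of indicator names} for hosts showing DORKBOT-like activity."""
    findings = defaultdict(set)
    for host, dest in proxy_log:
        if dest.lower() == GEOIP_HOST:
            findings[host].add("geoip_lookup")
    for host, msg in im_log:
        if is_lure(msg):
            findings[host].add("lure_message")
    return dict(findings)

# Constructed sample records: ws-101 shows both indicators, ws-103 only the lure.
SAMPLE_PROXY = [("ws-101", "api.wipmania.com"), ("ws-102", "www.example.com")]
SAMPLE_IM = [
    ("ws-101", "LOL is this your new profile pic??"),
    ("ws-103", "hey c’est votre nouvelle photo de profil ?"),
    ("ws-102", "see you at lunch"),
]

if __name__ == "__main__":
    for host, hits in sorted(analyze(SAMPLE_IM, SAMPLE_PROXY).items()):
        print(host, sorted(hits))
```

A host that shows both indicators is the stronger signal, since the lookup precedes the spam run; a lure match alone may also be a recipient quoting the message back.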

    Read the rest of this entry »




    After the out-of-band update for the IE zero-day reported a few weeks ago, this month’s patch cycle is a fairly light one. Today, Microsoft released seven bulletins addressing several vulnerabilities for October. Of these security updates, only one is rated as critical.

    Included in this release is MS12-064, which addresses vulnerabilities in Microsoft Office. Once exploited via a specially crafted .RTF file, these could result in remote code execution, thus compromising the security of the system. Another notable security update is MS12-070, which patches a vulnerability in Microsoft SQL Server on systems running SQL Server Reporting Services (SSRS). Remote attackers can execute commands when this vulnerability is exploited. Moreover, an attacker needs only to send users a specially crafted link, or host an exploit on a web page, to take advantage of it.

    Trend Micro Deep Security and OfficeScan with the Intrusion Defense Firewall (IDF) plugin have protected users since this security advisory was released. For more information on the bulletins and their IDF rules, visit the Threat Encyclopedia page.

    Posted in Bad Sites



    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice