    TrendLabs Security Intelligence Blog

    Author Archive - Danielle Veluz (Technical Communications)

    Over time, attackers continuously update their tactics to respond to security experts’ countermeasures. In a constant game of cat and mouse, attackers shifted tactics using several notable tools and techniques alongside the usual. The security roundup for the second quarter presents key highlights and developing trends in the security landscape.

    Trend Micro research in the second quarter shows that attackers carefully selected their targets albeit sticking to time-tested tactics and going after the same end goals. The bad guys moved away from launching large-scale attacks and instead focused on more specific and somewhat “personal” targets.

    The security roundup brings to light various threats Trend Micro encountered in the second quarter. Using more advanced tools like automatic transfer systems (ATSs)—the latest addition to widely used cybercrime toolkits—attackers streamlined their list of targets to only online banking customers in countries like Germany, the United Kingdom, and Italy.

    Carefully choosing targets was also evidenced by Trend Micro research findings on advanced persistent threat (APT) campaigns like IXESHE. Trend Micro also protected small and medium-sized businesses (SMBs) against more than 142 million threats in the first half of 2012 alone. Android malware such as fake spying tool apps continues to increase in number, most likely due to the continued rise in the OS’s popularity, with more than 400 million active Android-based devices. Lastly, true to the quarter’s theme, Pinterest took the spotlight as its users were lured to take part in several survey scams due to its steady rise in popularity.

    To take a closer look at the security landscape in the second quarter, read our comprehensive report, “It’s Big Business… and It’s Getting Personal.”

    Posted in Bad Sites, Malware

    The massively popular and entertaining pastime of online gaming is enjoyed by millions all around the world, but few realize its not-so-entertaining drawbacks. People tend to create another self in the world of online gaming. It’s easy to assume that there is nothing harmful in losing yourself in that other world. But as mentioned in our e-guide, online gaming also has a dark side that opens up possibilities of financial theft and hacked or stolen accounts. In fact, we’ve been seeing more and more in-game phishing activity in the massively multiplayer online role-playing game (MMORPG) World of Warcraft.

    That said, online gaming today clearly isn’t just about fun and games, no matter what type of gamer you are. Our new infographic illustrates some quick stats on casual and hardcore gamers as well as the risks they may encounter. Can you guess how many times the Angry Birds games were downloaded? How about the estimated population of console gamers? To know the answers to these and more, check out our latest infographic, “What Type of Gamer Are You?”

    Posted in Bad Sites

    Last month, we published an infographic, “Know Your Enemies,” which illustrated the different cybercrooks users may “meet” firsthand in the virtual neighborhood. Interestingly, a question was raised to us about the differences between the prices of user information.

    There are indeed discrepancies in the prices of credit cards between regions. The question, however, is why. We’ve come up with two explanations for this: it’s both foreign exchange and simple economics.

    Foreign Exchanges And Economics Go Hand in Hand

    One reason why prices are different can be attributed to currency valuations and the exchange rate. Some of it is region-based; for example, German credit cards have a 7-day claw-back option. As another example, a US and a European credit card that both have a standard limit of 3,000 in their native country yield different values when converted to a third currency. In Russian Rubles, the EU one is worth 1.3 times the US one. So if US cards are worth $3, the EU equivalent should be around $4-5.

    Cybercrime is also like any typical business, with economics playing a significant part in determining prices. Case in point, it has been observed that more U.S. credit card numbers are up for sale compared to other regions. Hence, simple economics dictates the low prices. The more U.S. credit card numbers there are on the market, the easier they are to exploit. In general, U.S. credit cards are easier to exploit because their security mechanisms are weaker than European ones. This is part of the reason why U.S. card issuers have started implementing region locks on cards so that these trigger behavioral fraud mechanisms.

    Your Identity For A Price

    The fact is that the discrepancies are due to all these factors working together to create the value of the stolen information. We must also consider the ease of exploitation of the cards being stolen, as well as the mechanics of supply and demand affecting the pricing of the aforementioned cards. These scammers, however, are just the tip of the iceberg… the underground is more vast and tangled than what we know; prices may also vary because of this.

    With this in mind, people must always remember that their information is a commodity. We should exert effort in protecting personal information at all times. We may know our enemies at face value, but it is also important to dig deeper to understand how the business of cybercrime works. To know more about this, you may refer to our latest infographic below. It illustrates how a simple case of a Fake AV purchase benefits other players. Specifically, it is an overview of how each player is paid and how lucrative a FAKEAV infection can be to its proponents.

    On the other hand, users can trust that we at Trend Micro will continuously ensure that people can engage with other users through the Internet and be protected from online threats at the same time.

    Posted in Malware

    Six is a rather small number for this month’s round of Microsoft bulletins, but one stands out as a very critical update: MS12-020, aka the “Remote Desktop Could Allow Remote Code Execution” vulnerability. Microsoft warned IT admins about this flaw in their MSRC (Microsoft Security Response Center) blog entry. From the MSRC blog: “We recommend that customers focus on MS12-020, our sole critical-class bulletin, as the March deployment priority.”

    Based on the Microsoft posting, the critical flaw applies to a fairly specific subset of systems – those running RDP – and is “less problematic for those systems with Network Level Authentication (NLA) enabled”. This could allow would-be attackers to achieve remote code execution on a machine running RDP (Remote Desktop Protocol). RDP allows remote access to systems for admins to manage them remotely. An exploit for such remote access does not require network credentials; however, systems that do not have RDP enabled are not at risk.

    Other issues covered in this month’s Patch Tuesday include one moderate and four important security bulletins. IT administrators are advised to abide by the patch operating procedures for these fixes.

    Trend Micro Deep Security has just released an update which addresses the critical RDP vulnerability under the rule name 1004949 – Remote Desktop Protocol Vulnerability (CVE-2012-0002). Our page on the Threat Encyclopedia also contains respective Trend Micro solutions that cover the rest of this month’s patches.

    Update as of March 15, 2012, 6:12 p.m. (PST)

    The update for MS12-020 is now available for Intrusion Defense Firewall (IDF), too. Deep Security currently has coverage with Deep Security Update DSRU12-006 and IDF with update 12007. Deep Security provides coverage for four vulnerabilities, while IDF provides coverage for three.

    Posted in Exploits, Vulnerabilities

    Microsoft spreads love to all IT administrators this month by addressing 23 vulnerabilities on the 14th of February. The software giant released nine bulletins and fixed critical flaws in Internet Explorer, an error in a runtime library which can be targeted through Windows Media Player, and flaws in the Windows kernel. Four out of the nine bulletins were tagged as Critical by Microsoft.

    One critical update was MS12-010, a cumulative security update for Internet Explorer which resolves four privately reported vulnerabilities in versions 6 through 9 of Internet Explorer. These vulnerabilities could be used to run malicious code on a user’s system if they visited a malicious web site with Internet Explorer. A similar code execution vulnerability, MS12-013, could be exploited using flaws in the msvcrt.dll runtime library to run malicious code if the user opened a specially crafted video. The two remaining Critical bulletins (MS12-008 and MS12-016) resolve vulnerabilities in the Windows kernel, the .NET Framework, and Silverlight that could similarly be used to run malicious code.

    Among the remaining five Important vulnerabilities are MS12-012 and MS12-014, which fix DLL preloading issues in the Color Control Panel and Indeo codecs, respectively. MS12-011 fixed a privilege escalation flaw in SharePoint.

    Microsoft urged users to immediately install the patches associated with the above bulletins; users can find full technical details from the February summary page. You can view our page on Threat Encyclopedia for respective Trend Micro solutions.

    Users of Deep Security and OfficeScan with Intrusion Defense Firewall (IDF) plug-in can also find updates to their products that will protect them from threats exploiting the vulnerabilities made public today, in advance of IT administrators being able to roll out these patches. The coverage for this month includes all of the vulnerabilities specifically mentioned above.

    Posted in Bad Sites


    © Copyright 2013 Trend Micro Inc. All rights reserved.