    TrendLabs Security Intelligence Blog

    Author Archive - Danielle Veluz (Technical Communications)




    Microsoft issued a new batch of security bulletins for October with fixes for several vulnerabilities in software products used by millions of computer users worldwide. Eight security bulletins have been released, which include patches for 23 vulnerabilities in software such as Microsoft .NET Framework, Microsoft Silverlight, Internet Explorer, Microsoft Forefront Unified Access Gateway, and Microsoft Host Integration Server.

    Six out of the eight bulletins are rated “important” while two are rated “critical.” Some of the patches indicate that a restart is required after updating machines running the affected software. Users and administrators are advised to immediately address these security flaws.

    Users may refer to our vulnerability page for more information.

    With a plethora of devices now entering the work environment, consumerization proves to be an IT nightmare and an increasing security risk, especially in terms of making sure all devices connected to the network are updated accordingly. With that, a lack of strategy could prove devastating and user-liable devices can get infected simply by surfing the Web or by being used in an unsecure environment. It is critical for users who bring their personal devices to their workplace to make sure that they update their systems with the latest security updates as soon as these are made available.

    To learn more about Microsoft support for the affected software, more details on the security bulletins for October can be found in the vendor’s official bulletin summary.

     



    Online threats and malware have been plaguing Internet users for more than 20 years now. While today’s cybersecurity headlines often refer to the latest data breaches, Facebook scams, and the 1410% increase in the Android malware volume, it is interesting to note that the tools cybercriminals use today are, in a sense, the BRAIN-child (pun intended) of two Pakistani brothers who ironically wanted to do good and to prevent software piracy. From the PC boom in the 1980s to the rise of the Internet and connectivity from the 1990s to the 2000s, Trend Micro has been closely monitoring technological advancements in information exchange as well as how malware and online threats grew from their roots as pesky computer viruses to the notorious information-stealing programs of today.

    At present, Trend Micro sees 3.5 new threats per second. As more and more businesses and home users take the inevitable journey to the cloud, risks of data and financial loss are greater than ever. Trend Micro also continues to uncover cybercrime operations and how bad guys earn millions of dollars, pointing to an underground economy that matures with time.

    Our new infographic, “Threat Morphosis: The Shifting Motivations Behind Digital Threats,” offers a look into the evolving cybercrime motivations and the resulting shifts in the threat landscape through the years.


     



    In the latest addition to the roster of digital devices that have been shipped with malware, Samsung seems to have accidentally distributed malware along with the new Bada-powered Samsung S8500 Wave smartphone.

    It has been reported that the 1GB micro-SD cards included with the mobile phone units shipped to Germany came preinstalled with Windows-based malware. The malware arrives on users’ systems via the infected micro-SD card and attempts to infect users’ PCs with the file slmvsrv.exe once they are connected to the smartphone.

    Trend Micro detects this malicious file as WORN_AUTORUN.WAV, which connects to various websites to possibly download even more malicious files. It may also expose users to backdoor programs and spyware.

    According to TrendLabs engineer Karl Dominguez, it is easy to identify the malware in removable drives or, in this case, the micro-SD card. The difficult part, however, is removing it from the affected system because of its rootkit capabilities. It also disables booting in Safe Mode, making the malware even harder to remove.

    To address the infected AUTORUN.INF, users are advised to disable the autorun functionality in Windows. It is also important for them to secure their systems by protecting their removable drives. Users can also pick up some countermeasures in our blog entry “How to Maximize the Malware Protection of Your Removable Drives.”
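
    Identifying what an AUTORUN.INF on a removable drive would launch is the first step of the advice above. The following Python is an added example, not code from the original post or from Trend Micro: it parses the [autorun] section and reports the launch directives that point at executables. The sample file contents are constructed; only the file name slmvsrv.exe comes from the post.

```python
import ntpath

EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js"}

SAMPLE = """\
; constructed sample, only the name slmvsrv.exe comes from the post
[AutoRun]
open=slmvsrv.exe
xJ3kq9 padding line without a key
shell\\open\\Command="slmvsrv.exe" /auto
icon=shell32.dll,4
[notes]
open=other.exe
"""

def launch_entries(text):
    """Yield (key, command) for each launch directive in the [autorun] section."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue  # other sections and non key=value lines are ignored
        key, _, value = line.partition("=")
        key = key.strip().lower()
        # open=, shellexecute= and shell\<verb>\command= each start a program
        if key in ("open", "shellexecute") or (
            key.startswith("shell\\") and key.endswith("\\command")
        ):
            yield key, value.strip()

def target_of(command):
    """Return the program named by a command line, minus quotes and arguments."""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split()[0] if command else ""

def audit(text):
    """List (key, file name) for launch directives that point at executables."""
    findings = []
    for key, command in launch_entries(text):
        name = ntpath.basename(target_of(command)).lower()
        if ntpath.splitext(name)[1] in EXECUTABLE_EXTS:
            findings.append((key, name))
    return findings
```

    Calling audit() on the text of a drive's AUTORUN.INF returns an empty list when nothing in it launches an executable.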

    Though the malware-laden 1GB memory cards were limited to the initial German production run, this incident should nonetheless serve as a cautionary tale for smartphone users. It is similar to the off-the-shelf Vodafone incident that happened a few months ago.

    Trend Micro™ Smart Protection Network™ protects product users from WORN_AUTORUN.WAV by detecting and preventing the file’s execution on affected systems via the file reputation service.

     
    Posted in Malware



    A new spam campaign has been discovered spoofing job-application-related emails. While most spammed messages have been known to take advantage of a specific occasion, a holiday, or even a currently newsworthy item, spammers have hit a new low with this scheme.


    The sample in Figure 1 contains a short body text that says “Please review my CV, Thank you!” The email also comes with a .ZIP file attachment. Once opened, the .ZIP file executes a malicious .EXE file named Resume_document_589.exe, detected by Trend Micro as TROJ_OFICLA.AB. When executed, it drops its component file, TROJ_DLOADR.SMVE, onto users’ systems. This was found to be the same downloader found in a similar spam run.

    Job spam is no longer a novel enticement to lure users into malicious tactics. While the one-liner in the body text may be far from convincing to the more experienced user, first timers who chance upon the spam may still unwittingly open the attachment out of mere curiosity. Recipients are thus advised to constantly exercise caution when opening email messages and when executing file attachments.

    Trend Micro™ Smart Protection Network™ protects product users from this attack by preventing the spammed messages from even reaching users’ inboxes via the email reputation service and by blocking access to malicious sites and domains that host malware-ridden files via the Web reputation service. It also prevents the download and execution of the related malware, TROJ_OFICLA.AB and TROJ_DLOADR.SMVE, on affected systems via the Trend Micro file reputation service.

    Non-Trend Micro product users can also stay protected from similar attacks by using eMail ID, a free tool that uses a two-step verification process to help users quickly find legitimate messages in their inboxes.

     
    Posted in Malware, Spam



    Microsoft released two critical security advisories as part of its May Patch Tuesday. In addition to the advanced notification it released last Thursday, Microsoft has addressed the vulnerabilities with this batch of patches.

    MS10-030 deals with a privately reported vulnerability plaguing Outlook Express, Windows Mail, and Windows Live Mail, which can allow remote code execution if a user accesses a malicious email server. An exploit targeting this vulnerability has already been reported; details can be found on this page. This site also describes possible attack scenarios for the said vulnerability.

    MS10-031, on the other hand, resolves a vulnerability in the Microsoft Visual Basic for Applications runtime.

    Users are thus strongly advised to update their systems as soon as possible, as these vulnerabilities can be used by cybercriminals to create worms and to instigate drive-by download malware attacks on their systems.

    Adobe also released fixes for Shockwave Player and vulnerable ColdFusion servers. The former is the more widespread of the two, with 18 separate vulnerabilities (most of which are “critical”). Though the vulnerabilities in the latter were not as critical, they have been noted to lead to cross-site scripting (XSS) and information disclosure. Users can download the latest Shockwave Player version from the Adobe Shockwave Player installation site while ColdFusion customers can find updates on this Adobe security bulletin page.

    Everyone is vulnerable to threats lurking in the Web today. As such, users are strongly encouraged to apply the said patches immediately.

    Trend Micro Deep Security and OfficeScan, through the Intrusion Defense Firewall (IDF) plug-in, already protect enterprise users against these vulnerabilities if their systems are updated with the latest Deep Packet Inspection (DPI) and IDF rules, respectively, which were released yesterday (May 11).

     


     
