    TrendLabs Security Intelligence Blog

    Author Archive - David Sancho (Senior Threat Researcher)

    Last month, Google announced that they were making search more secure for their users. They announced that users already signed in to Google would have a more secure experience. This meant two things: first, search queries and results would now be sent via HTTPS. This protects the searches of users with unsecured Internet connections, such as most WiFi hotspots.

    The second part was far more interesting. According to our tests, Google does not include the search terms used to reach websites anymore in the HTTP referrer header. Here’s part of the URL that Google is now sending as the referring URL:

    Note that after the &q= portion, no search term is specified. By contrast, a standard search has a referring URL more like this:

    The repercussions are twofold. First, legitimate web sites won’t be able to determine which of the search terms leading to them are popular. Thus, their own optimization efforts might be impeded. I know that as a web site owner, it’s really useful to have those stats and be able to tune your content so that it’s more easily searchable. To get this information, you now have to sign up for Google’s own analytics services, which may or may not be feasible for all websites.



    I’ve read lately about the launch of Google Wallet and how it may revolutionize how we make payments. Instant payments by putting the phone near a terminal and by keying in my PIN? Sounds good. As exciting as it may be to try out new technologies, if it has to do with my wallet though, I think things through twice or more.

    Things to Consider

    First off, you need to have an Android phone. Android, while a beautiful piece of software, is the most attacked mobile software on the planet. It’s the most used one now that it has surpassed its main competitor (Apple) and there are no signs of it slowing down. I don’t mean to say that anything running on Android is bad or risky but just keep the “most attacked” angle in mind for now.

    Second, it uses NFC, a technology not very unlike RFID. That’s the information-emitting little chip you put on your dog so the vet can easily identify him. It’s also the little chip on your passport broadcasting your data and the one that your credit card uses (if you have a U.S. credit card, that is). It’s a technology that, while extremely useful, provides a very juicy target for the bad guys. A bad guy with a big antenna pointed at my dog can read her ID number from afar. Okay, that’s not the worst scenario I can picture.



    When news broke earlier this week that some Citibank Japan customers’ information leaked, many of the bank’s customers probably thought, “Again!?!” But this is not a rare occurrence these days. This time around, it wasn’t even Citibank’s fault; one of the companies it outsources some services to was at fault.

    This is the second data breach involving Citigroup, both of which led to the exposure of a great deal of user information. The key difference between the two incidents, however, is the attacker. Someone who wasn’t associated in any way with Citigroup was responsible for the first incident while someone from within an organization Citigroup outsources certain operations to was responsible for the second one.

    After a past history of breaches, the 92,400 credit card holders whose data was stolen have a right to be mad. But mad at whom? Past history or not, it’s difficult to be mad at Citibank. It wasn’t the one who lost the data this time after all. At the hackers who stole the data? Maybe. But there are too many of them with a variety of motivations, not all of which are financial. At the outsourcing company? Well, that’s something certainly worth considering.

    Too Many Sheep in Different Farms

    A big problem for corporations with regard to data leakage has to do with the number of data repositories they need to look at and the different departments within their organizations that are in charge of the said data. In a global company, different security and IT departments, along with several outsourcing companies, have access to data. Therefore, the amount of coordination required to secure the whole thing is huge. Monitoring also becomes as critical as it is difficult. This is where security gaps begin to show. You just can’t keep an eye on your sheep when you have too many spread out over different farms.


    In the last 24 hours, there has been much coverage of a data breach that affected an estimated 35 million users of SK Comms in South Korea. SK Comms is the largest service provider in the region that offers three types of service—social networking, mobile phone, and instant-messaging (IM) services. The breach affected user accounts of Nate portal and Cyworld, both under SK Comms.

    SK Comms Breach

    Given the breadth of services that SK Comms offers, the service provider is committed to providing user security and, as such, requires higher levels of personal information to secure and link user accounts compared with many other service providers. Unfortunately, these very measures are also the same ones that greatly affected its users. The stolen information includes user names, email addresses, contact numbers, and some encrypted information that includes the users’ blood types.

    The online landscape in South Korea is interesting and gives us an idea of the impact of the breach. The country’s Internet penetration is high and its Internet speed is fast enough to sustain mobile banking (i.e., conducting online banking transactions using mobile devices and smartphones). As such, mobile banking is pretty commonplace in South Korea. If users submit the same information and use the same password for all of their online accounts, it would not take too much creativity for hackers to conduct subsequent attacks.

    SK Comms issued an advisory to users of the affected sites. In the said post, it extended apologies with regard to the incident and gave users instructions in case they receive voice phishing calls and spammed messages. More information can be found in


    (Or How Money Makes the Web Go Round)

    May is an important month in the IT security industry because it’s the anniversary of one of the most fearsome viruses ever—the ILOVEYOU virus aka the Lovebug. Back in 2000, it was a very big deal because it created a new way of infecting people’s systems—through email. This started the era of email viruses that we have all suffered from since then. Yes, they’re technically worms but that’s not important. What was important back then was that these wanted to use your computer as a virtual wall for graffiti (“Jaschan was here, screw you netsky!”).

    That sounds very different from today’s viruses. Yes, we call them Trojans now but that doesn’t matter either. Today, threats are all about information theft. Cybercriminals want your credentials (your eBay password) to make money one way or another (so they can sell imaginary stuff using your reputation). They want your Facebook login credentials so they can send bad links to your friends and steal their information; your “World of Warcraft” account credentials so they can sell your valuable online items; and your online banking credentials so they can… well, you know what they want those for, I guess.
