    TrendLabs Security Intelligence Blog

    Author Archive - David Sancho (Senior Threat Researcher)

    In the last 24 hours, there has been much coverage of a data breach that affected an estimated 35 million users of SK Comms in South Korea. SK Comms is the largest service provider in the region that offers three types of service—social networking, mobile phone, and instant-messaging (IM) services. The breach affected user accounts of Nate portal and Cyworld, both under SK Comms.

    SK Comms Breach

    Given the breadth of services that SK Comms offers, the service provider is committed to providing user security and, as such, requires more personal information to secure and link user accounts than many other service providers do. Unfortunately, these very measures are also the ones that most affected its users. The stolen information includes user names, email addresses, contact numbers, and some encrypted information, including the users’ blood types.

    The online landscape in South Korea is interesting and gives us an idea of the impact of the breach. The country’s Internet penetration is high and its Internet speed is fast enough to sustain mobile banking (i.e., conducting online banking transactions using mobile devices and smartphones). As such, mobile banking is pretty commonplace in South Korea. If users submit the same information and use the same password for all of their online accounts, it would not take too much creativity for hackers to conduct subsequent attacks.

    SK Comms issued an advisory to users of the affected sites. In the said post, it extended apologies with regard to the incident and gave users instructions in case they receive voice phishing calls and spammed messages. More information can be found in



    (Or How Money Makes the Web Go Round)

    May is an important month in the IT security industry because it’s the anniversary of one of the most fearsome viruses ever—the ILOVEYOU virus, aka the Lovebug. Back in 2000, it was a very big deal because it created a new way of infecting people’s systems—through email. This started the era of email viruses that we have all suffered from since then. Yes, they’re technically worms, but that’s not important. What was important back then was that these wanted to use your computer as a virtual wall for graffiti (“Jaschan was here, screw you netsky!”).

    That sounds very different from today’s viruses. Yes, we call them Trojans now but that doesn’t matter either. Today, threats are all about information theft. Cybercriminals want your credentials (your eBay password) to make money one way or another (so they can sell imaginary stuff using your reputation). They want your Facebook login credentials so they can send bad links to your friends and steal their information; your “World of Warcraft” account credentials so they can sell your valuable online items; and your online banking credentials so they can… well, you know what they want those for, I guess.



    It’s botnet takedown season again and this time around, CoreFlood bit the dust. As is most often the case nowadays, this botnet was exclusively built to steal its victims’ personal and financial information. The takedown was facilitated by the U.S. Department of Justice and by the Federal Bureau of Investigation (FBI). This is a great victory for law enforcement and for all the good guys fighting against cybercrime.

    One big botnet less means that at the very least cybercriminals will think twice about setting up a server in the United States from now on. That, of course, is not enough. On the bright side, if law enforcement collaboration keeps at this level, we can expect this kind of action to happen again in other places and that would be the greatest victory of all.

    The biggest challenge law enforcement faces today has to do with the different legal systems that deal with crimes that cross borders. If the servers are physically located in a few countries and the registrars are located in other countries, law enforcement authorities have to jump through many hoops in order to seize domains and servers. I believe we will get there, but there’s a lot of work to do. Collaboration between the law enforcement units of all of the countries involved is key, and we’re headed the right way. In the meantime, it’s time to celebrate.


    There has been a lot of talk in the security industry surrounding the recent data breach experienced by database marketing vendor Epsilon. As detailed in reports, the company’s email system was broken into, enabling the attacker to obtain information such as names and email addresses associated with Epsilon’s customers. Trend Micro researcher Rik Ferguson listed a number of the affected customers in his CounterMeasures blog entry here.

    Last year, I talked about how users are not fully aware of the consequences of having their email accounts compromised, and how such incidents can lead to information and identity theft. I think the points I raised then are things that users, especially those affected by this breach, should fully understand. While this breach involved neither user passwords nor the email accounts themselves, a number of risks still exist.

    In many ways, our email account is like the backbone of our online profile. Regardless of how much we favor social media in terms of communicating (as opposed to email), most if not all social media channels require users to sign up for an email account before being able to communicate with others at all. More importantly, transactions related to online banking, online shopping, and booking flights or hotel accommodations online are all dependent on the user having a valid email account to which important information can be sent. Needless to say, email accounts contain valuable and personal information and should be appropriately secured.

    Now, considering the nature of information exposed by the breach, its effect is quite comparable to an attacker getting a sneak peek of the contents of users’ inboxes. While the attacker cannot directly access the victim’s email account, they do know some of the types of email the user typically receives (in relation to whichever Epsilon customer the user is associated with). This places the affected users at greater risk of being victimized by many known Web threats such as spear phishing and spam attacks.




    Chrome, Firefox, and Internet Explorer released major updates this week. The timing may be a coincidence or not but there is a very interesting feature that all three browsers are developing almost at the same time—private browsing.

    The Federal Trade Commission (FTC) issued a privacy report late last year that endorsed the private browsing feature. The report recommended that companies, including software developers, adopt a “privacy by design” approach to protect consumer data. Perhaps the near-simultaneous release of these three browser developments can be considered major implementations of the FTC’s recommendation.

    Each of the three approaches to private browsing has its merits:

    • Mozilla Firefox: Firefox advocates the use of a new HTTP header that, with time, all websites should honor. That’s a good long-term solution, but until websites implement it, it’s pretty much useless. For instructions on how to enable private browsing for Firefox, you may view this page.
    • Google Chrome: Chrome instead uses a blacklist of websites published by Google. HTTP cookies coming from blacklisted sites are not stored, which prevents user tracking. It’s a solid short-term, intermediate solution. This is a new feature, but Chrome calls its existing private browsing mode “incognito mode,” which can be enabled through the steps here.
    • Microsoft Internet Explorer: Internet Explorer’s approach is similar, except that it allows more granular control over the lists. The user can choose between different blacklists and, possibly, even add sites to them. This is possibly the best solution so far, but I’m sure there will be developments on all of these features pretty soon. Users interested in enabling this feature can check out the instructions provided on the vendor’s website.
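    To make the two mechanisms above concrete, here is an added illustration that is not part of the original post and is not code from Trend Micro or any of the browser vendors. It models the blacklist approach (Chrome and Internet Explorer style) as a client-side filter that refuses to store cookies from listed tracking domains, and the header approach (Firefox style) as a server handler that withholds its tracking cookie when the client opts out. The post does not name the header; the code assumes it is the `DNT: 1` header that Firefox introduced. The domain names, cookies and blocklist entries are constructed for the example.

```python
"""Constructed illustration of two private-browsing mechanisms:
a client-side cookie blocklist and a server honouring an opt-out header."""
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed blocklist of tracking domains. A user-editable list (the
# Internet Explorer style) is simply additional entries in this set.
DEFAULT_BLOCKLIST = {"tracker.example", "ads.example"}


def _host_is_blocked(host, blocklist):
    """True if `host` equals a blocklisted domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == b or host.endswith("." + b) for b in blocklist)


def filter_set_cookie(url, set_cookie_headers, blocklist=DEFAULT_BLOCKLIST):
    """Client side of the blocklist approach.

    Given the URL a response came from and its raw Set-Cookie header values,
    return (kept, dropped): the names of cookies the browser would store and
    the names it would discard because they belong to a blocklisted domain.
    """
    host = urlsplit(url).hostname or ""
    kept, dropped = [], []
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            # A cookie's Domain attribute may widen its scope beyond the
            # responding host, so both the host and the declared Domain are
            # checked against the blocklist.
            scope = (morsel["domain"] or host).lstrip(".")
            if _host_is_blocked(host, blocklist) or _host_is_blocked(scope, blocklist):
                dropped.append(name)
            else:
                kept.append(name)
    return kept, dropped


def build_response(request_headers, user_id):
    """Server side of the header approach.

    Only set a tracking cookie when the client has not sent the opt-out
    header (assumed here to be DNT: 1). Returns the response headers.
    """
    opted_out = request_headers.get("DNT", "").strip() == "1"
    headers = {"Content-Type": "text/html"}
    if not opted_out:
        # Constructed tracking cookie; a real site would mark it Secure as well.
        headers["Set-Cookie"] = f"uid={user_id}; Path=/; HttpOnly"
    return headers


if __name__ == "__main__":
    # Constructed responses: a tracking pixel and a shop page that also
    # tries to drop a third-party advertising cookie.
    print(filter_set_cookie("https://www.tracker.example/pixel", ["track=abc; Path=/"]))
    print(filter_set_cookie("https://shop.example/cart",
                            ["session=xyz; Path=/; HttpOnly",
                             "ad=1; Domain=.ads.example; Path=/"]))
    print(build_response({"DNT": "1"}, "u1"))
    print(build_response({}, "u1"))
```

    The difference between the two approaches is visible in where the decision is made: the blocklist works today because the browser enforces it unilaterally, while the header only helps once the responding site chooses to check it.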




    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice