    TrendLabs Security Intelligence Blog

    Author Archive - Jon Clay (Senior Marketing Manager)




    Cybercriminals today create and use botnets to perpetrate their criminal activities. Whether the botnets are used to send out Blackhole Exploit Kit spam or to serve as entry points into organizations, the one constant is that most bots (victim computers) communicate back and forth with command and control (C&C) servers. Trend Micro’s Global Threat Intelligence, derived from our Smart Protection Network™, regularly monitors C&C servers, infected bots, and the malicious communication between the two to ensure our customers are protected.

    Today we’re publishing a new global map showing active C&C servers, highlighted by red dots, and bots (victim computers), highlighted by blue dots, to show you where these botnets are located in the world.  If you are using the Chrome or Firefox browsers, you will see some of the dots radiate, showing any systems that are tied together (a unique botnet).  All users can mouse over any of the servers to get a pop-up message that shows the server location, when it was first observed, most affected countries, and the total number of victims we’ve found associated with that server.  Note that the blue dots represent more than one victim in most instances.

    Posted in Botnets



    If there’s one thing I’ve learned about the threat landscape today, it’s this: it’s always growing, and it’s always changing. Both mobile computing and the cloud are changing the threat landscape, while old threats like malware and spam continue to grow and proliferate.

    Every day, we receive 430,000 files for analysis, of which 200,000 are unique. That results in 60,000 new signatures for detection every day.

    However, we don’t stop there in order to protect our customers. Starting in 2005, we began looking into e-mail reputation in order to address the spam problem. As we did this, we realized that we have a goldmine of potential threat intelligence: unwanted e-mail is also used to spread malware and launch targeted attacks.

    We not only stopped spam from reaching our customers, but we also did in-depth analysis on the spam runs we did see. This allowed us to discover new threats, as well as patterns within these threats.

    More and more e-mails didn’t contain the malware as an attachment, but pointed to a malicious website instead. Based on this we started to invest heavily in web reputation, and this technology is now one of our main weapons against cybercriminals today.

    We receive almost 8 billion URL queries per day from our customers – and we reply immediately with what the queried URL is about, whether it’s malicious or not, and its category. Our products use this to block URLs; but we also use this to gather more information about attacks. Because of this, we’re able to find out about new attack models, command and control servers, and targeted attacks.

    These three elements have made up the foundation of the Smart Protection Network, but as the threat environment evolves, so too must Trend Micro’s response.

    We have now added mobile application reputation to our capabilities. The amount of mobile malware we’re seeing is skyrocketing. Last year, mobile malware for Android was under the radar, but we predicted that we’d see 120,000 mobile malware samples by the end of 2012. For that, we have been called scammers and charlatans. Today, with over 30,000 Android malware already detected, our prediction is likely to be proven correct.

    In addition, the Smart Protection Network is now able to protect against vulnerabilities/exploits and malicious network traffic. By correlating our global threat intelligence across all the threat vectors, we see more, correlate more, detect more and protect our customers better against the wide variety of attacks.

    This rising number of threats also means the risk of false positives is growing; because of this we have added whitelisting to the Smart Protection Network. Our database of over 140 million known good applications helps us to find the right balance between aggressive malware detection and false positive avoidance.

    Thanks to our leadership in the reputation and correlation area, we get many requests from law enforcement to help them identify and jail criminals. This is something that is very satisfying for our team of threat researchers.

    In addition to our customers and law enforcement, we also provide threat intelligence to our partners like RSA, helping protect millions of users around the world.

    The correlation provided by the Smart Protection Network has helped us to deliver better security. Thanks to our threat expertise and our investment into the Smart Protection Network, we are able to provide improved protection for our customers.

    The infographic below illustrates how Smart Protection Network works to protect our customers from threats:

    And below is a link to our CTO Raimund Genes’ video blog, talking about the expanded Smart Protection Network:

    Raimund Genes’ video blog
    Coming Soon: The TrendLabs Security Intelligence Blog will be the new Malware Blog

    Posted in Data