Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    October 2014
    S M T W T F S
    « Sep    
     1234
    567891011
    12131415161718
    19202122232425
    262728293031  
  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Author Archive - Julian Ponce (Threat Response Engineer)




    Malware writers have devised lots of social engineering tactics to lure users into their scheme. This time around, we saw a Trojan passing itself off as a Trend Micro component as a way to trick users into downloading and executing it.

    We recently encountered a file and noticed the following properties (see below). For the untrained eye, this file can be mistaken as a Trend Micro product/component. But during our analysis, we verified this file as a Trojan in disguise. We believe that by spoofing Trend Micro properties, the people behind this threat are hoping to trick unwitting users into executing the file. This malware is already detected by Trend Micro as TROJ_RIMECUD.AJL.

    When user executes TROJ_RIMECUD.AJL, it creates the process svchost.exe where it injects its malicious code. Once done, the malware downloads a component package (refer to Figure 2).

    Read the rest of this entry »

     
    Posted in Malware | 1 TrackBack »


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice