    Author Archive - Justine Paredes (Technical Communications)

    Real-world terrorists are once again threatening to take their jihad (holy war) to cyberspace. According to DEBKAfile, an online military intelligence magazine, Al-Qaeda has threatened to launch a Web attack on Western anti-Muslim Web sites on the 11th of November.

    An attack like this could be carried out with the Electronic Jihad Version 2.0 software, which is not actually new: it has been circulating for about three years. The tool performs distributed denial-of-service (DDoS) attacks, and because it is configurable and flexible, it makes it easy for cyber-terrorists to be more effective in such attacks.

    Researchers across the industry have been skeptical, since similar threats have turned out to be duds, like the cyber attack against U.S. banks and financial institutions that was announced for December 2006 and never happened. However, Trend Micro researchers recently discovered an updated version of the software. The hacking tool, detected as HKTL_DAHIJ.A, is E-Jihad Version 3.0. It arrives as an installer package and may be downloaded from a remote site.

    The tool first presents a GUI for entering a user name and password. (The original post shows three screencaps: the login GUI, the GUI displayed when a particular user name and password combination is entered, and the response shown for other combinations.)

    Once past the login, the tool connects to a URL to verify the user name and password. After successfully establishing a connection, it downloads a list from several URLs. That list contains another set of URLs, the targets, against which the affected system launches denial-of-service (DoS) attacks for the so-called e-jihad. Because the targets are fetched at run time rather than built into the tool, the operators can change them centrally, and it is the many participating systems working through the same list that makes the attack distributed.

    Law enforcers and other experts say that threats such as these should not cause much of a fuss, as Web threats happen on a regular basis. Eli Alshech, Director of the Jihad and Terrorism Studies Project at the Middle East Media Research Institute, considers these e-jihadists more of a nuisance than a threat. But with these terrorists, we will never know what they will do next. Is 11/11 going to be another date to remember?

    The next big Web attack may unfold on the 11th of November, or not at all. It is always good to remain skeptical about the veracity of such reports. Corporate users should nonetheless protect their network with good network behavior monitoring tools: a machine that starts hammering a set of external sites stands out in traffic logs whether or not the tool driving it is recognized by signature.
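    The behaviour described above, a client that pulls a target list and then floods the listed sites, is visible in proxy or firewall logs even when the binary itself is not recognized, which is what makes network behavior monitoring worthwhile here. The following Python script is an added example, not code from the original post or from Trend Micro: it runs a sliding-window check over constructed proxy log lines and flags a client that, within ten seconds, either fans out to many distinct hosts or hammers a single host, attaching the most recent list-like download (a heuristic on the path extension) as context. The log format, the thresholds and the `.txt`/`.lst`/`.csv` heuristic are all assumptions.

```python
"""
Network-behaviour check for a list-driven DoS tool: a client that fetches a
target list and then hammers many sites, or one site, in a short window.
Added example; the log format and thresholds below are assumptions.
"""
import re
from collections import Counter, defaultdict, deque
from datetime import datetime

# Constructed proxy log (not from the original post). Assumed format:
#   <ISO timestamp> <client IP> <destination host> <request path> <HTTP status>
SAMPLE_LOG = """\
2007-11-10T09:00:01 10.0.0.5 www.example.com / 200
2007-11-10T09:00:09 10.0.0.5 mail.example.com /inbox 200
2007-11-10T09:00:40 10.0.0.5 www.example.com /news 200
2007-11-10T09:05:00 10.0.0.7 cdn.example.net /targets.txt 200
2007-11-10T09:05:01 10.0.0.7 site-01.example /index.php 503
2007-11-10T09:05:01 10.0.0.7 site-02.example /index.php 503
2007-11-10T09:05:02 10.0.0.7 site-03.example /forum/ 200
2007-11-10T09:05:02 10.0.0.7 site-04.example / 503
2007-11-10T09:05:03 10.0.0.7 site-05.example / 200
2007-11-10T09:05:03 10.0.0.7 site-06.example /blog/ 503
2007-11-10T09:05:04 10.0.0.7 site-07.example / 200
2007-11-10T09:05:04 10.0.0.7 site-08.example / 503
""" + "\n".join(
    # Constructed single-target flood: 40 requests to one host inside 10 s.
    f"2007-11-10T09:10:{i // 4:02d} 10.0.0.9 target.example /index.php 503"
    for i in range(40)
) + "\n"

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")
# Paths that look like a downloaded target list (assumed heuristic).
LIST_RE = re.compile(r"\.(txt|lst|csv)$", re.IGNORECASE)


def parse_line(line):
    """Return (timestamp, src, dst_host, path, status), or None for junk lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, src, dst, path, status = m.groups()
    return datetime.fromisoformat(ts), src, dst, path, int(status)


def detect_dos_bursts(log_text, window_seconds=10, min_requests=8,
                      min_distinct_hosts=6, min_single_host=30):
    """
    Sliding-window detector keyed on client IP. A client is flagged once when,
    within window_seconds, it issues at least min_requests and either
      - reaches min_distinct_hosts or more destinations ("fan-out"), or
      - sends min_single_host or more requests to one destination ("single-target").
    The most recent list-like download inside the window is attached as context.
    """
    recent = defaultdict(deque)   # src -> deque of (timestamp, dst_host)
    last_list_fetch = {}          # src -> (timestamp, "host/path")
    alerts = {}
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        ts, src, dst, path, _status = ev
        if LIST_RE.search(path):
            last_list_fetch[src] = (ts, dst + path)
        q = recent[src]
        q.append((ts, dst))
        while (ts - q[0][0]).total_seconds() > window_seconds:
            q.popleft()               # drop events that fell out of the window
        if src in alerts or len(q) < min_requests:
            continue
        per_host = Counter(d for _, d in q)
        top_host, top_count = per_host.most_common(1)[0]
        if len(per_host) >= min_distinct_hosts:
            mode = "fan-out"
        elif top_count >= min_single_host:
            mode = "single-target"
        else:
            continue
        fetch = last_list_fetch.get(src)
        in_window = fetch is not None and (ts - fetch[0]).total_seconds() <= window_seconds
        alerts[src] = {
            "mode": mode,
            "requests": len(q),
            "distinct_hosts": len(per_host),
            "top_host": top_host,
            "first": q[0][0].isoformat(),
            "last": ts.isoformat(),
            "list_fetch": fetch[1] if in_window else None,
        }
    return alerts


if __name__ == "__main__":
    for src, alert in detect_dos_bursts(SAMPLE_LOG).items():
        print(src, alert)
```

    Run against the constructed log, 10.0.0.5 (ordinary browsing) is left alone, 10.0.0.7 is flagged as fan-out with the `/targets.txt` download attached, and 10.0.0.9 is flagged as single-target. On real proxy logs the thresholds need tuning per environment; the point of the list-fetch context is to tie a burst back to the download that configured it.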

    Posted in Malware | 1 TrackBack »

    Here is another proof that sex really sells: a new Trojan, which Trend Micro detects as TROJ_PUSHDO.AD, was found being spammed in email messages bearing a hentai image. (The original post includes a sample of the spammed message.)

    When executed, this Trojan creates a registry entry that causes a possibly malicious file to run automatically. This indicates that samples of this Trojan may also arrive bundled with other files (read: malware), opening an affected system to further threats. The same autostart entry is also where the infection can be spotted after the fact: an entry that launches a file from a temporary or user-profile folder deserves a close look.
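    The following Python script is an added example, not code from the original post or from Trend Micro, and the post does not name the registry key the Trojan writes. It parses a constructed Registry Editor export, pulls every value under the standard Run and RunOnce keys (assumed here as the autostart locations worth reviewing), extracts the launched executable and attaches indicators: a binary living in a temporary or profile folder, a well-known system binary name outside the Windows system directory, and a one-shot RunOnce entry. The export content and the indicator heuristics are assumptions.

```python
"""
Triage of autostart registry entries from a Registry Editor export.
Added example; the export text and the heuristics are constructed/assumed.
"""
import re
from collections import namedtuple

Entry = namedtuple("Entry", "key name command exe indicators")

# Constructed export (not from the original post). Real exports are UTF-16
# files; the parsing below works on the decoded text.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VMware Tools"="\"C:\\Program Files\\VMware\\VMware Tools\\VMwareTray.exe\""
"Updater"="C:\\Documents and Settings\\user\\Local Settings\\Temp\\svchost.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ldr"="C:\\WINDOWS\\system32\\ntldr32.exe /s"

[HKEY_CURRENT_USER\Software\Example\Settings]
"Theme"="classic"
"""

# Assumed set of autostart keys to review (Run family only).
AUTOSTART_KEY_RE = re.compile(
    r"\\CurrentVersion\\(Run|RunOnce|RunOnceEx|RunServices|RunServicesOnce)$",
    re.IGNORECASE)
# "name"="string data"; dword/hex values deliberately do not match.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# First executable-looking token of a command line, quoted or not.
EXE_RE = re.compile(
    r'^"?(.+?\.(?:exe|com|scr|pif|bat|cmd|dll|vbs|js))"?(?:\s|$)', re.IGNORECASE)
USER_WRITABLE = ("\\temp\\", "\\tmp\\", "\\documents and settings\\", "\\users\\",
                 "\\appdata\\", "\\local settings\\", "%temp%", "%appdata%",
                 "%userprofile%")
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                "services.exe", "explorer.exe", "smss.exe"}


def unescape(s):
    """Undo .reg escaping: \\ -> \ and \" -> "."""
    return re.sub(r"\\(.)", r"\1", s)


def indicators_for(key, exe):
    """Heuristic indicators for one autostart entry (assumed, not exhaustive)."""
    found = []
    low = exe.lower()
    base = low.rsplit("\\", 1)[-1]
    if any(tok in low for tok in USER_WRITABLE):
        found.append("binary in user-writable location")
    if base in SYSTEM_NAMES and "\\system32\\" not in low:
        found.append("system binary name outside the system directory")
    if key.lower().endswith("runonce"):
        found.append("one-shot RunOnce entry")
    return found


def parse_autostart(reg_text):
    """Return every string value under an autostart key as an Entry."""
    entries = []
    key = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        if key is None or not AUTOSTART_KEY_RE.search(key):
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, command = unescape(m.group(1)), unescape(m.group(2))
        em = EXE_RE.match(command)
        exe = em.group(1) if em else command
        entries.append(Entry(key, name, command, exe, indicators_for(key, exe)))
    return entries


def suspicious(reg_text):
    """Only the entries that carry at least one indicator."""
    return [e for e in parse_autostart(reg_text) if e.indicators]


if __name__ == "__main__":
    for e in suspicious(SAMPLE_REG):
        print(e.name, "->", e.exe, e.indicators)
```

    Against the constructed export, the VMware entry is parsed but carries no indicator, the `svchost.exe` copy in the user's Temp folder is flagged twice, and the RunOnce entry is flagged once. An export can be produced on the affected machine with `reg export` of the Run keys; entries that match should be compared against a known-good image before anything is deleted.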

    This serves as a warning to users, especially the hentai enthusiasts out there: be cautious about which email messages you open. Don't let enticing images fool you; they just might be tickets to the latest malware show.

    Posted in Malware, Spam | 1 TrackBack »

    Another Sony rootkit has emerged, this time in the fingerprint reader application that ships with the Sony MicroVault USM-F USB drive. The application lets a user restrict access to files stored on the drive by recognizing user-enrolled fingerprints.

    Once the application is installed, it also installs a driver that hides a directory under the Windows folder: neither the directory nor the files inside it are visible to the user. The hidden directory can still be reached by its exact path from the Command Prompt, however, and new files can be created in it and run from it. Depending on how a scanner enumerates the file system, files placed there may also remain hidden from some antivirus products. With these characteristics and the right stealth tactics, malicious files can be kept in hiding.

    This is not the first time Sony products have worked to the advantage of malware authors. In 2005, the rootkit technique used by the DRM (digital rights management) software bundled with Sony music CDs was exploited by malicious users: because that software masked any file whose name began with the string $sys$, a Trojan simply dropped the file $sys$drv.exe in the Windows system directory and was hidden for free.

    Security experts had considered that DRM technology a big risk even though it was meant to protect Sony's products, precisely because malware authors could ride on its coattails. Their suspicions proved right.
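    The hiding described above (a directory that is missing from its parent's listing yet reachable by its exact path) and the 2005 $sys$ trick give themselves away in the same way: a path that answers a direct lookup but does not appear when its parent directory is enumerated. The following Python function is an added example, not code from the original post, Trend Micro or Sony, and performs that cross-view check for a list of candidate paths. The enumeration and existence callables are injectable so the logic can be exercised against a constructed view of the file system, which is what the block does when run; on a real system the defaults use the live file system. The candidate paths and the fake listing are constructed, not the directory the driver actually hides.

```python
"""
Cross-view check for directory entries filtered from enumeration.
Added example; the file-system view below is constructed.
"""
import ntpath
import os


def hidden_from_enumeration(candidates, listdir=os.listdir, exists=os.path.exists):
    """
    Return the candidate paths that exist (direct lookup succeeds) but are
    absent from their parent's directory listing. On a live system this uses
    os.listdir (FindFirstFile-style enumeration) against os.path.exists
    (open-by-name), which is exactly the discrepancy a filter driver that
    strips entries from enumeration results produces.
    """
    cache = {}      # parent directory -> lower-cased set of listed names, or None
    hidden = []
    for path in candidates:
        if not exists(path):
            continue                    # nothing at that path at all
        parent, name = ntpath.split(path)
        if parent not in cache:
            try:
                cache[parent] = {n.lower() for n in listdir(parent)}
            except OSError:
                cache[parent] = None    # parent itself cannot be enumerated
        names = cache[parent]
        if names is not None and name.lower() not in names:
            hidden.append(path)
    return hidden


# Constructed view of a file system (not a real machine): what directory
# enumeration reports, and which paths answer to a direct lookup.
FAKE_LISTING = {
    r"C:\WINDOWS": ["system32", "Temp", "explorer.exe"],
    r"C:\WINDOWS\system32": ["drivers", "svchost.exe"],
}
FAKE_EXISTS = {
    r"C:\WINDOWS\system32", r"C:\WINDOWS\Temp", r"C:\WINDOWS\explorer.exe",
    r"C:\WINDOWS\hiddendir",                 # filtered from the listing (constructed name)
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\system32\$sys$drv.exe",     # the 2005 $sys$ naming trick
}


def fake_listdir(path):
    try:
        return FAKE_LISTING[path]
    except KeyError:
        raise FileNotFoundError(path)


def fake_exists(path):
    return path in FAKE_EXISTS


CANDIDATES = [
    r"C:\WINDOWS\system32", r"C:\WINDOWS\Temp", r"C:\WINDOWS\hiddendir",
    r"C:\WINDOWS\system32\$sys$drv.exe", r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\nothere",
]


def demo():
    """Run the check against the constructed view."""
    return hidden_from_enumeration(CANDIDATES, listdir=fake_listdir, exists=fake_exists)


if __name__ == "__main__":
    for p in demo():
        print("hidden from enumeration:", p)
```

    The check only works for paths you already suspect, since a hidden entry cannot be discovered by enumerating its parent; the post's observation that the Command Prompt can still enter the directory by name is what makes the direct lookup side of the comparison possible.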

    MicroVaults with the fingerprint reader application are not believed to be widely available any more, but users who have one or are about to purchase one should beware of the rootkit, which Trend Micro detects as RTKT_XCP.B.



    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice