Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    September 2014
    S M T W T F S
    « Aug    
     123456
    78910111213
    14151617181920
    21222324252627
    282930  
  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Author Archive - Ryan Certeza (Technical Communications)




    One of the biggest issues of the Android OS is its fragmentation problem. We’ve covered this before – about how almost all Android updates have to pass through both device manufacturers and service providers before getting to end users. Unfortunately, this process is not quick or assured, which results in fragmentation: multiple versions of Android are present and in use.

    This results in a many users being stuck with an outdated version of Android that may be riddled with vulnerabilities and security flaws. As of May 1, only 2.3% of Android devices in use are actually on the latest version, with more than a third still using Gingerbread – a version last updated in September 2011, and known to have 3-11 vulnerabilities, with the exact number depending on the specific version.

    Leaving users on older versions of Android has two consequences: vulnerabilities are left unpatched, and new features won’t reach them. At this year’s Google I/O developer conference, Google announced plans to fix at least part of this problem: instead of rolling out a new version, they instead announced updates to core apps. This allows them to add new features to Android, while at the same time not needing to push a completely new version out to users. It does not solve all potential problems due to fragmentation, but it’s a step in the right direction.

    Out latest monthly mobile report looks at this issue in full. It discusses the root of the problem itself, why it’s become a long-standing complaint, and how it may be a problem that may take Google a very long time to straighten out. Find out what you can do to help secure yourself and your device better if you are affected by this problem.  We also have our infographic for an illustrated glance at the issue.

     
    Posted in Mobile | Comments Off



    Recent incidents highlight how frequently – and creatively – cybercriminals try to steal data. From “homemade browsers” to million-user data breaches, to the daily theft carried out every day by infostealers and phishing attacks, every day.

    All this stolen information ends up for sale in the underground to the highest bidder. From there, it can be used in many uniformly illegal ways - from identity theft, to credit card fraud, to launching attacks on other users. They can also be used to buy either expensive goods (which are then shipped to the cybercriminals), or pay for “bulletproof” web hosting that is frequently used for malicious sites. These may not cost that much individually, but the losses to users can be significant.

    It’s not just the fruits of cybercrime that are bought and sold in the underground – so are the tools, like exploit kits, vulnerabilities, and malware toolkits as well. Price tags here can reach the thousands of dollars, particularly for more advanced and sophisticated tools.

    There is so much money in the underground that it has become organized and systematic, much like real-world businesses. While the specifics of how the underground has organized itself varies from region to region, the mere fact that it has organized itself is noteworthy – both to allow for more information and tools to be sold, as well as reducing the risks of getting caught.

    Our new infographic – The Cybercriminal Underground: How Cybercriminals Are Getting Better At Stealing Your Money – explores what items are being sold and bought in the cybercrime underground, how the underground is organized, and how users are directly affected. It’s an excellent way to understand what users are up against in securing their information online. It may be viewed by clicking oh the thumbail below:

    To view all infographics from TrendLabs, visit http://about-threats.trendmicro.com/infographics.

    We’re trying to make the Security Intelligence Blog better. Please take this survey to tell us how.

     



    No less than a day or so after we discovered the spam campaign taking advantage of the Boston Marathon bombing, we came upon yet another spam campaign, very similar to the previous one except this time it uses the Texas fertilizer plant explosion as a lure.  The fertilizer plant explosion occurred a mere few days after the tragedy in Boston, with 35 suspected dead and more than 160 people injured.

    What’s disturbing about the discovery of this particular campaign is that not only does it come hot on the heels of the previous one, but the fact that they seem eerily similar to each other. Upon further analysis, we’ve discovered that the malicious URLs that the spammed mails link to have identical structures, right down to the domains. Even their spammed mails are similar to each other.

    Boston-spam-email-sample

    Fig 1. The Boston Marathon explosion spammed email

    texas-explosion--spam-sample

    Fig 2. Texas plant explosion spammed email

    The only thing distinguishing them from each other was the document file name that the URL lead to – i.e. one URL from the Boston spam campaign lead to “boston.html” while the one from Texas lead to “texas.html”. It was as if the cybercriminals chose to capitalize on the latest tragedy by simply switching names.  The malicious URLs, of course, lead to exploit landing pages that could compromise an affected user’s system.

    We’ve also noted certain Twitter accounts spreading links using keywords related to the MIT shooting in Boston. These links redirect users to various websites of dubious reputation (most adware or spam-related). Though we have yet to see these links redirect to any malware-hosting website, users must still be cautious with their social media activities.

    Tweets-MIT-shooting

    Figure 3. Tweets leading to various dubious sites

    Read the rest of this entry »

     
    Posted in Spam | Comments Off



    Downloading from third-party app sites can be tempting for users – they offer ‘free’ versions of apps you would normally have to pay for. They may also  feature other apps that you may not be able their first-party counterparts.

    But is it really worth putting yourself and your mobile device at risk, considering all the possible dangers?

    In 2012, we uncovered an increase in the number of malicious domain accounts related to Android apps. From approximately 3,000 domains in January 2012, the number jumped to almost 8,000 by the end of the year. These malicious domains host suspicious .APK files or files containing data needed in Android app installation. Just an example of these malicious apps is the recent fake versions of the popular Candy Crush app with features that can be abused by cybercriminals. By using these features, they can get hold of your important data and aggressively push ads onto your device.

    The number of malicious domains, along with the 350,000 high-risk and malicious Android app found in 2012, portrays an alarming mobile threat landscape.

    As the mobile threat landscape unfolds, being informed is still your best defense. In our Mobile Review The Dangers of Third-Party Apps Sites, we reveal the hidden dangers that lurk in third-party app sites. It talks about how cybercriminals have begun to shift from simply tricking mobile users into installing malware-ridden apps to forcing them to visit or connect to malicious URLs.

    Read the rest of this entry »

     
    Posted in Mobile | Comments Off



    The beginning of 2013 is just around the corner, which means we must prepare for a fresh start. But before we prep for the new year, we must first look back at the biggest threats of 2012 – to learn from them and arm ourselves with a new, more security-conscious mindset.

    1. Blackhole Exploit Kit spam runs. Blackhole Exploit Kit (BHEK) changed everything we knew about spam phishing as the traditional ways of protection no longer work. In fact, we even uncovered some email samples that only need a victim to click a malicious link to trigger the infection chain. BHEK spam runs are also known to convincingly spoof companies like Facebook, American Airlines, and Verizon in order to convince users to open the messages.
    2. Android malware. By end Q3 this year, we already saw 175,000 malicious and high-risk apps targeting Android users. Most of these pose as legitimate apps but have hidden routines like sending messages to premium numbers or collecting sensitive information. By 2013, we expect the number of such apps rise to 1 million.
    3. Ransomware/Scareware. Ransomware has long been a consumer concern. This year, however, saw not only high-profile incidents but also some developments to coax users into paying cybercriminals. An example is the increase in Police Trojan, which locks an infected system and threatens users to pay by posing as the victim’s local law enforcement agency.
    4. DORKBOT. New DORKBOT variants were found spreading via Skype and used legitimate file storage websites to store the malware copy. It also used different languages as part of its social engineering technique.
    5. Threats Leveraging London 2012 Olympics. Global events have always been a favorite of cybercriminals. This year was no different, as we saw several attacks that took advantage of the London 2012 Olympics. Some of these schemes include fake ticketing sites and scams that sprouted before, during, and after the event.

    The threats that we saw this year prove that cybercriminals and other bad guys on the Internet are becoming more aggressive. This coming new year, we also predict new challenges arising from users engaging on multiple devices and platforms (Android, Windows, iOs etc.). And with mobile malware on the rise and conventional threats getting pumped up, users will find it difficult to secure their devices and may just forgo security altogether.

    But make no mistake – securing your Internet experience is never an option. To guide users to have a safer online experience this coming new year, we came up with the Digital Life e-Guide A Guide to 2013 New Year’s Resolution. Guided by our 2013 security predictions, this e-guide aims to turn users into better and more informed netizens.

     
    Posted in Exploits, Malware, Mobile | Comments Off


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice