Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    December 2014
    S M T W T F S
    « Nov    
     123456
    78910111213
    14151617181920
    21222324252627
    28293031  
  • Email Subscription

  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Archive for the ‘Bad Sites’ Category




    We recently found a new banking Trojan which targeted several banks in South Korea. This isn’t the first, though: in June last year, we saw that several online banking threats widened their range and targeted South Korean banks using various techniques. Throughout the course of monitoring similar threats, we noticed a new wave of banking Trojans targeting South Korean banks that show unusual behavior, including the use of Pinterest as their command and control (C&C) channel. Infection Via Malicious Iframe Injection This threat is currently affecting users in South Korea via compromised ...

    Posted in Bad Sites, Exploits, Malware |



    Our previous blog entry discussed the "destructive" FBI security advisory and an analysis about the WIPALL malware family and its direct connection to the massive Sony Pictures hack. In this blog post, we will further discuss other WIPALL malware variants and their main routines that link to the #GOP warning seen in infected computers of Sony Pictures employees. Below is an overview of the infection chain to be discussed in this entry: BKDR64_WIPALL.F Disables McAfee's Services The WIPALL variant BKDR_WIPALL.C shares the same coding ...

    Posted in Bad Sites, Malware |



    TrendLabs engineers were recently able to obtain a malware sample of the "destructive malware" described in reports about the Federal Bureau of Investigation (FBI) warning to U.S. businesses last December 2. According to Reuters, the FBI issued a warning to businesses to remain vigilant against this new "destructive" malware in the wake of the recent Sony Pictures attack. As of this writing, the link between the Sony breach and the  malware mentioned by the FBI has yet to be verified. The FBI flash memo titled ...

    Posted in Bad Sites, Malware |



    Our report on the threats seen in 3Q 2014 shows us that once again, software vulnerabilities are the most favored cybercriminal targets. Following the second quarter's infamous Heartbleed vulnerability came another serious vulnerability in open-source software: Shellshock. Having gone unnoticed for years, the Shellshock incident suggests that there might be more vulnerabilities in Bash or in applications previously thought safe. Below is a timeline of events that Shellshock unraveled. Figure 1. A timeline of events that illustrate the Shellshock exploitation that took place ...




    In the entry FlashPack Exploit Leads to New Family of Malware, we tackled the Flashpack exploit kit and how it uses three URLs namely (http://{malicious domain}/[a-z]{3}[0-9]{10,12}/loxotrap.php, http://{malicious domain}/[0-9,a-z]{6,10}/load0515p6jse9.php, http://{malicious domain}/[a-z]{3}[0-9]{10,12}/ldcigar.php) as its landing site. We monitored the abovementioned URLs and found out that the FlashPack exploit kit is now using free ads to distribute malware such as ZeuS/ZBOT, DOFOIL, and ransomware variants. This technique of using ad networks for malicious intent is called malvertising. Based on data from the Trend Micro™ Smart Protection Network™, the ...

    Posted in Bad Sites, Malware |


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice