Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:


  • Recent Posts

  • Calendar

    April 2015
    S M T W T F S
    « Mar    
     1234
    567891011
    12131415161718
    19202122232425
    2627282930  
  • Email Subscription

  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Archive for the ‘Bad Sites’ Category




    We have been able to identify a new point-of-sale (PoS) malware family that has affected more than 100 victim organizations in Brazil. We have dubbed this new malware family as "FighterPOS". This name is derived from BRFighter, the tool used by the author to create this new threat. This one-man operation has been able to steal more than 22,000 unique credit card numbers. Its creator appears to have had a long history in carding, payment scams, and malware creation; in addition we ...

    Posted in Bad Sites |



    Arbor Networks initially posted about a new point-of-sale (PoS) malware family named NewPosThings last September, which we detect as either TSPY_POSNEWT.SM or TSPY_POSNEWT.A. We are now seeing new developments in this area—namely, versions for 64-bit and higher. The 64-bit version is out Similar to the previous 32-bit version reported last year, the 64-bit sample is a multifunction Trojan that includes added functionalities and routines. These include RAM scraper capabilities, keylogging routines, dumping virtual network computing (VNC) passwords, and information gathering. Installation When the malware ...

    Posted in Bad Sites |



    Yahoo recently rolled out a new way for users to access their services without entering a password. Their new system uses a cellphone to authenticate the user. Instead of entering a password, the user receives a verification code via text message on their phone. (The user would have provided their phone number to Yahoo when setting this option up.) Once the user receives this code, they enter it on the Yahoo login page and voilà!, they're logged in. So what's wrong with this? ...




    We have detected through feedback from the Trend Micro™ Smart Protection Network™ that the Nuclear Exploit Kit has been updated to include the recently fixed Adobe Flash Player vulnerability identified as CVE-2015-0336. We first saw signs of this malicious activity on March 18 this year. This particular vulnerability was only recently fixed as part of Adobe's regular March update for Adobe Flash Player which upgraded the software to version 17.0.0.134. However, our feedback indicates that many users are still running the previous ...

    Posted in Bad Sites, Exploits, Malware |



    OpenSSL said last Tuesday, March 17, that they plan to release several code fixes address a number of vulnerabilities, which include those that have been classified as “high” severity. There had been speculation building around these vulnerabilities, as the bug was hinted as "the next Heartbleed" according to reports. The fix was released today, two days after their announcement. Today's security bulletin noted that the following just-released versions are all secure: OpenSSL version 1.0.2a (addresses CVE-2015-0209, CVE-2015-0285, and CVE-2015-0288) OpenSSL version 1.0.1m (addresses CVE-2015-0288) OpenSSL version ...

    Posted in Bad Sites |


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice