
    Archive for the ‘Bad Sites’ Category




    We have information that can help identify the exploit kit used in the Adobe Flash zero-day attack we blogged about yesterday. Adobe states in its advisory that the related vulnerability, CVE-2015-0313, affects current versions (Adobe removed version 11.x and earlier from affected software). At first, we figured that the exploit kit involved was Angler Exploit Kit because of the URL's characteristics. So we tested it using Angler HTML parameters and found that SWF_EXPLOIT.MJST can be run. Another clue that led ...




    Last July we came across a crypto-ransomware variant known as Critroni or Curve-Tor-Bitcoin (CTB) Locker. We observed recent improvements to the CTB malware, which now offers a "free decryption" service, an extended deadline to decrypt the files, and an option to change the language of the ransom message. These new variants also demand payment of 3 BTC (around US$630), while older ones seen in July only charged 0.2 BTC, or US$24. Along with these improvements, we are also seeing a spike ...




    Hacks in Taiwan (HITCON), a security conference hosted in that country, has discovered an attack involving several online games. Official releases of two popular online games were found to be compromised, downloading malware onto computers. HITCON worked with Trend Micro to provide a clean-up tool to possible victims of the attack. Trend Micro was then able to coordinate with the affected game provider to help address the incident.

    Compromised Official Releases

    The games that were used in the attack were online games League of Legends ...




    We were recently alerted to reports claiming that the website of North Korea's official news service, www.kcna.kp, had been delivering malware via embedded malicious code. One of the photos on the website was found to contain malware, which suggests that this is part of a watering hole attack targeting individuals who visit the website and its other pages. Below is an infection diagram for the malware associated with this attack.

    Figure 1. Infection diagram

    The mother file in this attack is detected as PE_WINDEX.A-O. ...

    Posted in Bad Sites, Malware | Comments Off on North Korean News Agency Website Serves File Infector



    A few months back, we discussed the Android Same Origin Policy (SOP) vulnerability, which we later found to have a wider reach than first thought. Now, through a collaboration between Trend Micro and Facebook, attacks have been found that actively attempt to exploit this particular vulnerability, and we believe their code was based on publicly available Metasploit code. This attack targets Facebook users via a link in a particular Facebook page that leads to a malicious site. This page contains obfuscated JavaScript code (see Figure 1 below), which includes ...



     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice