Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:


  • Recent Posts

  • Calendar

    April 2015
    S M T W T F S
    « Mar    
     1234
    567891011
    12131415161718
    19202122232425
    2627282930  
  • Email Subscription

  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Archive for the ‘Bad Sites’ Category




    Hacks in Taiwan (HITCON), a security conference hosted in that country, has discovered an attack involving several online games. Official releases of two popular online games were found to be compromised, downloading malware onto computers. HITCON worked with Trend Micro to provide a clean-up tool to possible victims of the attack. Trend Micro was then able to coordinate with the affected game provider to help address the incident. Compromised Official Releases The games that were used in the attack were online games League of Legends ...




    We were recently alerted to reports claiming that the website North Korea's official news service, www.kcna.kp, had been delivering malware via embedded malicious code. One of the photos on the website was found to contain malware, which suggests that this is part of a watering hole attack targeting individuals who visit the website and its other pages. Below is an infection diagram for the malware associated with this attack. Figure 1. Infection diagram The mother file in this attack is detected as PE_WINDEX.A-O. ...

    Posted in Bad Sites, Malware | Comments Off



    A few months back, we discussed the Android Same Origin Policy (SOP) vulnerability, which we later found to have a wider reach than first thought. Now, under the collaboration of Trend Micro and Facebook, attacks are found which actively attempt to exploit this particular vulnerability, whose code we believe was based in publicly available Metasploit code. This attack targets Facebook users via a link in a particular Facebook page that leads to a malicious site. This page contains obfuscated JavaScript code (see in Figure 1 below), which includes ...




    We recently found a new banking Trojan which targeted several banks in South Korea. This isn’t the first, though: in June last year, we saw that several online banking threats widened their range and targeted South Korean banks using various techniques. Throughout the course of monitoring similar threats, we noticed a new wave of banking Trojans targeting South Korean banks that show unusual behavior, including the use of Pinterest as their command and control (C&C) channel. Infection Via Malicious Iframe Injection This threat is currently affecting users in South Korea via compromised ...

    Posted in Bad Sites, Exploits, Malware | Comments Off



    Our previous blog entry discussed the "destructive" FBI security advisory and an analysis about the WIPALL malware family and its direct connection to the massive Sony Pictures hack. In this blog post, we will further discuss other WIPALL malware variants and their main routines that link to the #GOP warning seen in infected computers of Sony Pictures employees. Below is an overview of the infection chain to be discussed in this entry: BKDR64_WIPALL.F Disables McAfee's Services The WIPALL variant BKDR_WIPALL.C shares the same coding ...



     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice