Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Zero-Day Alerts

  • Hacking Team Leak

  • Recent Posts

  • Calendar

    July 2015
    S M T W T F S
    « Jun    
  • Email Subscription

  • About Us

    Archive for the ‘Bad Sites’ Category

    Last July we came across a crypto-ransomware variant known as Critroni or Curve-Tor-Bitcoin (CTB) Locker. We observed recent improvements to the CTB malware, which now offer a "free decryption" service, extended deadline to decrypt the files, and an option to change the language of the ransom message. These new variants also demand payment of 3 BTC (around $USD 630), while older ones seen in July only charged 0.2 BTC, or $USD 24. Along with these improvements, we are also seeing a spike ...

    Hacks in Taiwan (HITCON), a security conference hosted in that country, has discovered an attack involving several online games. Official releases of two popular online games were found to be compromised, downloading malware onto computers. HITCON worked with Trend Micro to provide a clean-up tool to possible victims of the attack. Trend Micro was then able to coordinate with the affected game provider to help address the incident. Compromised Official Releases The games that were used in the attack were online games League of Legends ...

    We were recently alerted to reports claiming that the website North Korea's official news service,, had been delivering malware via embedded malicious code. One of the photos on the website was found to contain malware, which suggests that this is part of a watering hole attack targeting individuals who visit the website and its other pages. Below is an infection diagram for the malware associated with this attack. Figure 1. Infection diagram The mother file in this attack is detected as PE_WINDEX.A-O. ...

    Posted in Bad Sites, Malware | Comments Off on North Korean News Agency Website Serves File Infector

    A few months back, we discussed the Android Same Origin Policy (SOP) vulnerability, which we later found to have a wider reach than first thought. Now, under the collaboration of Trend Micro and Facebook, attacks are found which actively attempt to exploit this particular vulnerability, whose code we believe was based in publicly available Metasploit code. This attack targets Facebook users via a link in a particular Facebook page that leads to a malicious site. This page contains obfuscated JavaScript code (see in Figure 1 below), which includes ...

    We recently found a new banking Trojan which targeted several banks in South Korea. This isn’t the first, though: in June last year, we saw that several online banking threats widened their range and targeted South Korean banks using various techniques. Throughout the course of monitoring similar threats, we noticed a new wave of banking Trojans targeting South Korean banks that show unusual behavior, including the use of Pinterest as their command and control (C&C) channel. Infection Via Malicious Iframe Injection This threat is currently affecting users in South Korea via compromised ...

    Posted in Bad Sites, Exploits, Malware | Comments Off on Banking Trojan Targets South Korean Banks; Uses Pinterest as C&C Channel


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice