Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:


  • Recent Posts

  • Calendar

    May 2015
    S M T W T F S
    « Apr    
     12
    3456789
    10111213141516
    17181920212223
    24252627282930
    31  
  • Email Subscription

  • About Us


    Archive for the ‘Botnets’ Category




    We recently noticed that there has been an increase in spammed messages that use airline information as bait. These messages are made to look like notifications from airlines such as Delta Airlines, British Airways, US Airways, and American Airlines. Each message comes with an attachment—often in the form of a fake e-ticket—that recipients are supposed to open. This attachment is actually a BKDR_KULUOZ variant. Figure 1. Screenshot of sample spam KULUOZ variants are known to download and execute other malware, such as SIREFEF/ZACCESS and ...

    Posted in Botnets, Spam | Comments Off on Holiday Season Ushers In Airline Spam, KULUOZ Malware



    The research on browser-based botnets presented during the recent Blackhat conference in Las Vegas touches on our previous study on the abuse of HTML5. Most importantly, it shows how a simple fake online ad can lead to formidable threats like a distributed denial of service (DDoS) attack. In their briefing, Jeremiah Grossman and Matt Johansen showed that it is possible to initiate a massive distributed denial of service (DDoS) attack via a browser-based botnet. To create the botnet itself, the potential ...

    Posted in Botnets | Comments Off on The Reality of Browser-Based Botnets



    For a few months now, we have been actively monitoring a spambot named Stealrat, which primarily uses compromised websites and systems in its operations. We have continuously monitored its operations and identified about 195,000 thousand domains and IPs that have been compromised. The common denominator among these compromised sites is that they are running vulnerable CMS software such as Wordpress, Joomla and Drupal. In this entry, we will discuss how website administrators can check if their website is compromised and part ...

    Posted in Botnets, Malware, Spam | Comments Off on How to Check if Your Website is Part of the Stealrat Botnet



    The Andromeda botnet is still active in the wild and not yet dead. In fact, it's about to undergo a major update real soon. This botnet was first reported back in 2011 but has recently risen to prominence due to the latest modifications in the threat. Initially, this project to update Andromeda was about to die but the botnet's author found a successor (even though he did not officially retire). Here is the author's previous post, which basically says that if ...

    Posted in Botnets | Comments Off on Andromeda Botnet Gets an Update



    Advances in spam detection meant that spam operators had to find ways to circumvent new technologies. For instance, Asprox made significant improvements in their spam and module architecture whereas Pushdo made use of decoy network traffic. Recently, we have discovered a new simple method used by a spam botnet we named StealRat. It consists of 3 essential things: Compromised website for sending spam Compromised systems for harvesting and delivering the spam data Compromised website for delivering the payload Figure 1. StealRat method In this set ...

    Posted in Botnets, Spam | Comments Off on Compromised Sites Conceal StealRat Botnet Operations


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice