
    Archive for the ‘Botnets’ Category




    Advances in spam detection meant that spam operators had to find ways to circumvent new technologies. For instance, Asprox made significant improvements in its spam and module architecture, whereas Pushdo made use of decoy network traffic. Recently, we discovered a new, simple method used by a spam botnet we named StealRat. It consists of three essential parts:

      • Compromised website for sending spam
      • Compromised systems for harvesting and delivering the spam data
      • Compromised website for delivering the payload

    Figure 1. StealRat method

    In this set ...

    Posted in Botnets, Spam | Comments Off on Compromised Sites Conceal StealRat Botnet Operations



    In our monitoring of the GAMARUE malware family, we found a variant that used the online code repository SourceForge to host malicious files. This finding is the latest development we've seen since the increase in infection counts observed last month. SourceForge is a leading code repository for many open-source projects, which gives developers a free site that allows them to host and manage their projects online. It is currently home to more than 324,000 projects and serves more than 4 million ...




    Last March, I blogged about Andromeda, a well-known botnet that surfaced in 2011 and is making a comeback this year. Just months after that report, we are still seeing notable activity from the botnet, in particular a sudden surge of GAMARUE variants last week. Andromeda is a spam botnet that delivers GAMARUE variants, which are known backdoors with a noteworthy way of propagating via removable drives. We're keeping track of the GAMARUE infection for the ...

    Posted in Botnets, Malware | Comments Off on Keeping Up With the Andromeda Botnet



    Recent incidents highlight how frequently - and creatively - cybercriminals try to steal data: from "homemade browsers" to million-user data breaches, to the daily theft carried out by infostealers and phishing attacks. All this stolen information ends up for sale in the underground to the highest bidder. From there, it can be used in many ways, all of them illegal - from identity theft, to credit card fraud, to launching attacks on other users. They can also be used to ...




    The Andromeda botnet - first spotted in late 2011 - has recently resurfaced. This threat arrives via a familiar means: spammed messages with malicious attachments or links to compromised websites hosting Blackhole Exploit Kit (BHEK) code. Here is one spam message we saw recently:

    Figure 1. Sample spammed message

    Andromeda itself is highly modular and can incorporate various modules, such as:

      • Keyloggers
      • Form grabbers
      • SOCKS4 proxy module
      • Rootkits

    As is typical of backdoors, it can download and execute other files like ZeuS, as well as update and ...

    Posted in Botnets, Malware | Comments Off on Andromeda Botnet Resurfaces
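    The post above lists a SOCKS4 proxy module among Andromeda's components. As an added example that is not code from the original post or from Trend Micro, the following Python parser recognizes SOCKS4 and SOCKS4a CONNECT/BIND requests and their replies in raw TCP payloads; running it over the first payload of each outbound flow from a suspect host is one way a responder can confirm that the host is relaying proxy traffic rather than serving ordinary HTTP. The sample flows below are constructed (documentation address ranges, made-up user IDs), not captured traffic.

```python
"""Spot SOCKS4 / SOCKS4a proxy handshakes in raw TCP payloads.

Added example, not code from the original post or from Trend Micro.
Wire formats (from the original SOCKS4 / SOCKS4a protocol notes):
  request: VN(1)=4 | CD(1) 1=CONNECT,2=BIND | DSTPORT(2 BE) | DSTIP(4) | USERID NUL
  SOCKS4a: DSTIP = 0.0.0.x (x != 0) and a NUL-terminated hostname follows USERID
  reply:   VN(1)=0 | CD(1) 90..93 | DSTPORT(2 BE) | DSTIP(4)
"""
import ipaddress
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

SOCKS4_VERSION = 4
CMD_CONNECT = 1
CMD_BIND = 2
REPLY_GRANTED = 90
REPLY_CODES = (90, 91, 92, 93)


@dataclass
class Socks4Request:
    command: int
    port: int
    ip: str                   # dotted quad from the DSTIP field
    userid: str
    hostname: Optional[str]   # set only for SOCKS4a requests

    @property
    def is_socks4a(self) -> bool:
        return self.hostname is not None


def parse_socks4_request(payload: bytes) -> Optional[Socks4Request]:
    """Return a Socks4Request if payload is exactly one well-formed SOCKS4/4a request, else None."""
    if len(payload) < 9 or payload[0] != SOCKS4_VERSION:
        return None
    command = payload[1]
    if command not in (CMD_CONNECT, CMD_BIND):
        return None
    (port,) = struct.unpack("!H", payload[2:4])
    ip_bytes = payload[4:8]
    end = payload.find(b"\x00", 8)          # terminator of USERID
    if end == -1:
        return None
    userid = payload[8:end].decode("ascii", errors="replace")
    hostname = None
    if ip_bytes[:3] == b"\x00\x00\x00" and ip_bytes[3] != 0:
        # SOCKS4a: the client could not resolve the name and ships it after USERID.
        hend = payload.find(b"\x00", end + 1)
        if hend == -1 or hend + 1 != len(payload):
            return None
        hostname = payload[end + 1:hend].decode("ascii", errors="replace")
    elif end + 1 != len(payload):
        return None                         # trailing bytes: not a lone SOCKS4 request
    return Socks4Request(command, port, str(ipaddress.IPv4Address(ip_bytes)), userid, hostname)


def parse_socks4_reply(payload: bytes) -> Optional[Tuple[int, int, str]]:
    """Return (code, port, ip) for a well-formed 8-byte SOCKS4 reply, else None."""
    if len(payload) != 8 or payload[0] != 0 or payload[1] not in REPLY_CODES:
        return None
    (port,) = struct.unpack("!H", payload[2:4])
    return payload[1], port, str(ipaddress.IPv4Address(payload[4:8]))


def build_socks4_request(command: int, port: int, ip: str, userid: bytes = b"",
                         hostname: Optional[bytes] = None) -> bytes:
    """Build a request the way a SOCKS4/4a client would (used here only to make sample data)."""
    ip_bytes = b"\x00\x00\x00\x01" if hostname else ipaddress.IPv4Address(ip).packed
    req = struct.pack("!BBH", SOCKS4_VERSION, command, port) + ip_bytes + userid + b"\x00"
    if hostname:
        req += hostname + b"\x00"
    return req


# Constructed sample flows (src, dst, first client payload); addresses are documentation ranges.
SAMPLE_FLOWS = [
    ("10.0.0.5", "10.0.0.77", build_socks4_request(CMD_CONNECT, 25, "203.0.113.10", b"bot")),
    ("10.0.0.6", "10.0.0.77", build_socks4_request(CMD_CONNECT, 80, "0.0.0.0", b"", b"example.net")),
    ("10.0.0.7", "10.0.0.77", b"GET / HTTP/1.1\r\nHost: example.net\r\n\r\n"),
    ("10.0.0.8", "10.0.0.77", build_socks4_request(CMD_BIND, 8080, "198.51.100.9")),
]


def find_socks4_flows(flows) -> List[Tuple[str, str, Socks4Request]]:
    """Return (src, dst, request) for every flow whose first payload parses as SOCKS4/4a."""
    hits = []
    for src, dst, payload in flows:
        req = parse_socks4_request(payload)
        if req is not None:
            hits.append((src, dst, req))
    return hits


if __name__ == "__main__":
    for src, dst, req in find_socks4_flows(SAMPLE_FLOWS):
        target = req.hostname if req.is_socks4a else req.ip
        print(f"{src} -> {dst}: SOCKS4{'a' if req.is_socks4a else ''} "
              f"cmd={req.command} target={target}:{req.port} userid={req.userid!r}")
```

    The parser is deliberately strict (a lone request, nothing trailing) to keep false positives down; a SOCKS4 CONNECT to port 25 from a workstation, as in the first sample flow, is the pattern a spam-relaying proxy module would produce.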



    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice