    TrendLabs Security Intelligence Blog

    Archive for the ‘Exploits’ Category




    The Sandworm vulnerability, also known as CVE-2014-4114, is an interesting vulnerability for two reasons. For one, it is related to the timing of the vulnerability life cycle. In this blog post, we will tackle vulnerability analysis and user awareness of what actions to take when they are under attack. Note that all dates and times discussed here are based on publicly available information and on the internal metadata of the sample files. Here’s a timeline: *1: New CVE-2014-4114 Attacks Seen One ...

    Posted in Exploits



    We see many kinds of vulnerabilities on a regular basis. These range from use-after-free (UAF) vulnerabilities, to type confusion, to buffer overflows, to cross-site scripting (XSS) attacks. It's rather interesting to understand the root cause of each of these vulnerability types, so we looked at the root cause of an Internet Explorer vulnerability - CVE-2014-1772. We'd privately disclosed this vulnerability to Microsoft earlier in the year, and it had been fixed as part of the June Patch Tuesday update, as part of ...

    Posted in Exploits, Vulnerabilities



    A new Shellshock attack targeting SMTP servers was discovered by Trend Micro. Attackers used email to deliver the exploit. If the exploit code is executed successfully on a vulnerable SMTP server, an IRC bot known as “JST Perl IrcBot” will be downloaded and executed. It will then delete itself after execution, most likely as a way to go under the radar and remain undetected. The diagram below illustrates the attack cycle. [Figure 1. Diagram of the SMTP attack] The attacker creates a custom ...

    Posted in Exploits, Vulnerabilities



    We have been continuously monitoring the FlashPack exploit, especially with the recent attack which affected Japanese users. We recently looked at our Smart Protection Network feedback and found, in a new development, that the majority of the systems infected by the FlashPack exploit came from the U.S. [Figure 1. Top infected countries for the FlashPack exploit (based on feedback from September 24-October 22)] URL Usage and Malware Payload: We checked the details of the URLs used by the FlashPack exploit and found that the exploit uses three ...

    Posted in Bad Sites, Exploits, Malware



    Much has been reported about the recent discovery of a cyber-espionage campaign that was launched by a group known as the “Sandworm Team.” At the very heart of this incident is a zero-day vulnerability affecting all supported versions of Microsoft Windows and Windows Server 2008 and 2012. In our analysis, the vulnerability may allow attackers to execute other malware through a flaw in the OLE package manager in Microsoft Windows and Server. Early reports shared that the vulnerability was being exploited in targeted ...



     
