    TrendLabs Security Intelligence Blog

    Archive for the ‘Exploits’ Category

    The "Internet of Everything" (also known as the Internet of Things) became one of the biggest technology buzzwords of 2013, as can easily be seen in Google Trends. This term refers to the increased digitisation of everyday objects - any new technology device is being designed with connectivity in mind, whether that device is a smart TV or a smart toaster. With more and more devices coming online, securing these devices becomes the next big security challenge. Gamers and Augmented Reality 2014 ...

    Posted in Exploits, Malware, Mobile

    Several days ago, Microsoft released a security advisory disclosing a new zero-day vulnerability in older versions of Windows. It was reported that it was being abused by a malicious PDF file (TROJ_PIDIEF.GUD) to deliver a backdoor (BKDR_TAVDIG.GUD) onto affected systems in "limited, targeted attacks." We independently obtained samples of the backdoor, which is the final payload in this attack. Besides being delivered by malware targeting a new zero-day vulnerability, the backdoor is noteworthy for its use of multiple anti-analysis techniques ...

    Posted in Exploits, Malware

    Trend Micro has acquired samples of an exploit targeting the recent zero-day vulnerability affecting Windows XP and Server 2003. This is an elevation of privilege vulnerability, which may allow an attacker to gain privileges that would enable him to do various activities, including deleting or viewing data, installing programs, or creating accounts with administrative privileges. We acquired this sample from a targeted attack. In this incident, a malicious PDF (detected as TROJ_PIDEF.GUD) exploits an Adobe vulnerability (CVE-2013-3346) referenced in APSB13-15, which was released in ...

    Posted in Exploits, Vulnerabilities

    Recently, independent security researchers found that the Angler Exploit Kit had added Silverlight to its list of targeted software, using CVE-2013-0074. When we analyzed the available exploit, we found that in addition to CVE-2013-0074, it uses a second vulnerability, CVE-2013-3896, in order to bypass ASLR. These vulnerabilities are discussed in two separate Microsoft security bulletins, namely MS13-022 and MS13-087, respectively. This particular exploit checks what version of Silverlight is installed on a user's system and only runs on the following versions: 4.0.50401, 4.0.60310, 4.1.10329, 5.0.61118, 5.1.10411. Up-to-date versions of Silverlight are not ...

    Posted in Exploits, Malware, Vulnerabilities

    Five years ago, Conficker/DOWNAD was first seen and quickly became notorious due to how quickly it spread and how much damage it caused. Remarkably, after all that time, it's still alive. It can still pose a serious problem, as it can propagate to other systems on the same network as an infected machine - a factor that may explain its high rate of infection to this day. Based on feedback from the Smart Protection Network, DOWNAD has been a leading threat for years. It ...


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice