    TrendLabs Security Intelligence Blog

    Archive for the ‘Exploits’ Category




    In recent years, we noticed that more and more malicious Adobe Flash (.SWF) files are being incorporated into exploit kits like the Magnitude Exploit Kit, the Angler Exploit Kit, and the Sweet Orange Exploit Kit. However, we did some more digging and found out that the number of Flash files isn’t the only thing that has changed: these files use more obfuscation techniques than files from two to three years ago. Antivirus evasion is the primary goal of obfuscation. SWF files use obfuscation techniques to ...

    Posted in Exploits, Vulnerabilities



    The Sandworm vulnerability, also known as CVE-2014-4114, is an interesting vulnerability for two reasons. For one, it is related to the timing of the vulnerability life cycle. In this blog post, we will tackle vulnerability analysis, and user awareness on what actions to take when they are under attack. Note that all dates and times discussed here are based on publicly available information and on the internal metadata of the sample files. Here’s a timeline: *1: New CVE-2014-4114 Attacks Seen One ...

    Posted in Exploits



    We see many kinds of vulnerabilities on a regular basis. These range from use-after-free (UAF) vulnerabilities, to type confusion, to buffer overflows, to cross-site scripting (XSS) attacks. It's rather interesting to understand the root cause of each of these vulnerability types, so we looked at the root cause of an Internet Explorer vulnerability - CVE-2014-1772. We'd privately disclosed this vulnerability to Microsoft earlier in the year, and it had been fixed as part of the June Patch Tuesday update, as part of ...

    Posted in Exploits, Vulnerabilities



    A new Shellshock attack targeting SMTP servers was discovered by Trend Micro. Attackers used email to deliver the exploit. If the exploit code is executed successfully on a vulnerable SMTP server, an IRC bot known as “JST Perl IrcBot” will be downloaded and executed. It will then delete itself after execution, most likely as a way to go under the radar and remain undetected. The diagram below illustrates the attack cycle. [Figure 1. Diagram of the SMTP attack] The attacker creates a custom ...

    Posted in Exploits, Vulnerabilities



    We have been continuously monitoring the FlashPack exploit, especially with the recent attack which affected Japanese users. We recently looked at our Smart Protection Network feedback and found a new development: the majority of the systems infected by the FlashPack exploit came from the U.S. [Figure 1. Top infected countries for the FlashPack exploit (based on feedback from September 24-October 22)] URL Usage and Malware Payload: We checked the details of the URLs used by the FlashPack exploit and found that the exploit uses three ...

    Posted in Bad Sites, Exploits, Malware


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice