Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    December 2014
    S M T W T F S
    « Nov    
     123456
    78910111213
    14151617181920
    21222324252627
    28293031  
  • Email Subscription

  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Archive for the ‘Exploits’ Category




    Since the discovery of Shellshock, Trend Micro has continuously monitored the threat landscape for any attacks that may leverage these vulnerabilities. So far, we have identified an active IRC bot, exploit attempts in Brazil and China, botnet attacks, and a wide variety of malware payloads such as ELF_BASHLITE.A, ELF_BASHLET.A, and PERL_SHELLBOT.WZ among others.  It is reported that other vulnerable protocols like HTTP, SMTP, SSH, and FTP are also affected by Shellshock. We found that one of the payloads of Bash vulnerabilities, which we ...

    Posted in Exploits, Mac, Malware, Vulnerabilities | Comments Off



    Since the initial discovery of the initial Shellshock vulnerability and multiple reports of it being exploited in the wild, more vulnerabilities have been found in Bash. This was not unexpected. After the initial disclosure of Heartbleed, other vulnerabilities were found in OpenSSL. This pattern is repeating itself with Shellshock and Bash. Summary of Shellshock Currently, six CVEs have been assigned that are related to Shellshock. The remotely exploitable attacks are related to a known feature of the Bash shell: it is possible to ...

    Posted in Exploits, Vulnerabilities | Comments Off


    Sep28
    6:27 am (UTC-7)   |    by

    It seems like the floodgates have truly opened for Shellshock-related attacks. We have reported on different attacks leveraging the Bash bug vulnerability, ranging from botnet attacks to IRC bots. We have also mentioned that we spotted Shellshock exploit attempts in Brazil. It appears that these attempts were not limited to that country alone. We saw yet another Shellshock exploit attack—this time targeting a financial institution in China. Trend Micro Deep Discovery was able to detect this attempt and found that attackers were ...




    We have another update regarding Shellshock vulnerability. In a previous blog entry, we mentioned about a DDoS attack against institutions that depicted the gravity of the vulnerability's real-world impact. Based on our analysis, the backdoor that was used in this DDoS attack is somewhat related to the previous Shellshock exploits we have seen. It appears that the various payloads (PERL_SHELLBOT.WZ, ELF_BASHLITE.A, ELF_BASHLET.A) in the exploit code of the Shellshock vulnerability connect to several, yet common C&C servers. Analyzing these servers, we managed ...

    Posted in Exploits, Malware, Vulnerabilities | Comments Off


    Sep26
    2:01 pm (UTC-7)   |    by

    One of the implications of the Bash Bug vulnerability also referred to as Shellshock is that cybercriminals and attackers can use it to launch DDoS attacks against enterprises and large organizations. True enough, there are reports already mentioning that there are botnet attacks against certain institutions which employed the vulnerability. A botnet is a network of infected computers/systems. Based on our investigation, the backdoor (which Trend Micro detects as ELF_BASHWOOP.A) launches the following commands: kill udp syn tcpamp dildos http mineloris In addition, it connects to the C&C server, ...

    Posted in Exploits, Malware, Vulnerabilities | Comments Off


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice