    TrendLabs Security Intelligence Blog

    Archive for the ‘Hacked Sites’ Category

    When attacks against companies are described, frequently the targets are said to be either individual end users or large enterprises. Many targets of cybercrime, however, are small businesses. In this post, we'll look at how small businesses in Taiwan are attacked and what lessons others can take from these events. Many small businesses in Taiwan run their Web servers from inside their own networks, without much awareness of how to secure them properly. They're primarily concerned with running their business, which ...

    Our investigation of the June 25 South Korea incident led us to an attack scenario involving the compromise of an auto-update mechanism. As part of our continuous monitoring, we documented another scenario (presented in this blog entry): a DDoS attack launched at specific sites. The recent attack against South Korean websites has revealed a certain similarity between this attack and the March 20 MBR Wiper incident: a time trigger. Recall that the March 20 MBR wiper attack involved malware that ...

    Posted in Hacked Sites, Malware, Targeted Attacks | Comments Off

    On Tuesday, South Korea raised the country’s cyber security alarm from level 1 to 3, because of several incidents that affected different government and news websites in South Korea. One of the several attacks related to the June 25 security incident involved the compromise of the auto-update mechanism related to the legitimate installer file SimDisk.exe, which we were able to get a sample of. SimDisk is a file-sharing and storage service. Most software vendors' auto-update mechanisms are intended to be non-intrusive ...

    Posted in Hacked Sites, Targeted Attacks | Comments Off

    When it comes to cybercriminal targets, it truly is a popularity contest. Multiple sites were found compromised, including those popular with Japanese users. There were 40 compromised domains identified using feedback provided by Trend Micro Deep Discovery; since yesterday almost 60,000 hits have been recorded on these sites. One of the compromised sites contains an obfuscated JavaScript (detected as JS_BLACOLE.SMTT) designed to load a hidden iframe that loads behind the user’s browser. Figure 1. Encrypted JavaScript inserted onto compromised site Figure 2. Decrypted ...

    Posted in Exploits, Hacked Sites, Malware | Comments Off

    Last January, we talked about a critical vulnerability in Ruby on Rails (CVE-2013-0156). At the time, we pointed out that there was no known attack, but that, because its code had been released as part of the Metasploit exploit framework, the risk of an attack would increase moving forward. It was only a matter of time before this could be used in an attack in the wild. We strongly urged server administrators to patch their Ruby on Rails software to ...

    Posted in Exploits, Hacked Sites | Comments Off


    © Copyright 2013 Trend Micro Inc. All rights reserved.