    TrendLabs Security Intelligence Blog

    Archive for the ‘Malware’ Category




    Our coverage of the Bash bug vulnerability (more popularly known as “Shellshock”) continues as we spot new developments in Shellshock-related threats and attacks. Here is a list of our stories related to this threat:

      • Shellshock: A Technical Report - this technical brief describes the vulnerability in detail, as well as outlining which platforms are affected.
      • Shellshock Exploit Attempts Continue in China - servers in China are also being targeted by Shellshock.
      • Shellshock Continues to Make Waves with Active IRC Bot - IRC bots are being ...

    Posted in Malware, Vulnerabilities



    Given the severity of the Bash bug vulnerability, also known as Shellshock, it is no wonder that we’re seeing more attacks leveraging it. Just hours after this vulnerability was reported, malware payloads such as ELF_BASHLITE.A emerged in the threat landscape. Other payloads such as PERL_SHELLBOT.WZ and ELF_BASHLET.A, which can execute commands and thus compromise the system or server, were also spotted in the wild. Apart from these malware payloads, DDoS attacks against known institutions were reported. During the course of our investigation, ...

    Posted in Malware, Vulnerabilities



    We have another update regarding the Shellshock vulnerability. In a previous blog entry, we mentioned a DDoS attack against institutions, which showed the gravity of the vulnerability's real-world impact. Based on our analysis, the backdoor that was used in this DDoS attack is somewhat related to the previous Shellshock exploits we have seen so far. It appears that the various payloads (PERL_SHELLBOT.WZ, ELF_BASHLITE.A, ELF_BASHLET.A) in the exploit code of the Shellshock vulnerability connect to several C&C servers that they have in common. Analyzing these ...



    Sep 26, 2:01 pm (UTC-7)

    One of the implications of the Bash bug vulnerability, also referred to as Shellshock, is that cybercriminals and attackers can use it to launch DDoS attacks against enterprises and large organizations. True enough, there are already reports of botnet attacks against certain institutions that employed the vulnerability. A botnet is a network of infected computers/systems. Based on our investigation, the backdoor (which Trend Micro detects as ELF_BASHWOOP.A) launches the following commands: kill, udp, syn, tcpamp, dildos, http, mineloris. In addition, it connects to the C&C server, ...




    Just several hours after the news on the Bash vulnerability (covered under CVE-2014-7169) broke, it was reportedly already being exploited in the wild. This vulnerability can allow execution of arbitrary code, thus compromising the security of systems. Possible attack scenarios range from changing the contents of web server and website code to defacing the website to even stealing user data from databases, among others. We spotted samples which are the payload of the actual exploit ...



     

    © Copyright 2013 Trend Micro Inc. All rights reserved.