TrendLabs Security Intelligence Blog

    Archive for the ‘Malware’ Category



Aug 6, 4:05 am (UTC-7)

Last week, the US Computer Emergency Readiness Team (US-CERT) reported on a newly discovered malware, dubbed "Backoff", which targets point-of-sale (PoS) systems. Like other PoS malware such as Dexter and Scraper, Backoff is used to steal financial information for malicious purposes. Based on our analysis, when Backoff is executed, it copies itself to %Application Data%\OracleJava\javaw.exe and launches that copy from %Application Data% with the parameter -m <path_to_original_backoff>. The copy then terminates the original Backoff process and deletes the initial file. We have seen the same ...

Posted in Malware



Earlier this year, the Federal Bureau of Investigation disrupted the activities of the Gameover botnet. That disruption had a significant effect on the scale of the ZBOT threat, but cybercriminals were always likely to respond in some fashion. The use of domain generation algorithms (DGAs) is a key part of Gameover, and new variants like TROJ_ZBOT.YUYAQ have made this tactic even more powerful. How exactly does this variant use the technique? The domains are based on the results of an MD5 hash generated ...

Posted in Malware | 1 TrackBack



We spotted a malware that hides all of its malicious code in the Windows Registry. This tactic gives the malware, which Trend Micro detects as TROJ_POWELIKS.A, both evasion and stealth mechanisms. When executed, TROJ_POWELIKS.A downloads files that can lead to further system infection, so affected systems risk being infected by other malware as well. In addition, it has the capability to steal system information, which cybercriminals may use to launch other attacks.

    Evasion Mechanism

    Apart from stealth ...




Recently, I learnt that attackers compromised Gizmodo's Brazilian regional site. The attackers were able to modify the Gizmodo main page to add a script that redirected visitors to another compromised website. This second compromised site was hosted in Sweden and used a .se domain name. The attackers also uploaded a web shell onto the Swedish site to keep control of that server. Opening the compromised site loads a malicious URL, which contains a fake Adobe Flash download page in ...

Posted in Malware



One of the recent triumphs against cybercrime is the disruption of the activities of the Gameover ZeuS botnet. What makes this more significant is that one major threat was also affected: the notorious CryptoLocker malware. However, this disruption hasn't deterred cybercriminals from using file-encrypting ransomware. In fact, we have seen new crypto-ransomware variants that use new methods of encryption and evasion.

    Cryptoblocker and its Encryption Technique

    Just like other ransomware variants, the Cryptoblocker malware, detected as TROJ_CRYPTFILE.SM, will encrypt files for a specific amount. ...

Posted in Malware



© Copyright 2013 Trend Micro Inc. All rights reserved.