Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    April 2015
    S M T W T F S
    « Mar    
  • Email Subscription

  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Archive for the ‘Malware’ Category

    We uncovered a new crypto-ransomware variant with new routines that include making encrypted files appear as if they were quarantined files. These files are appended by a *.VAULT  file extension, an antivirus software service that keeps any quarantined files for a certain period of time. Antivirus software typically quarantines files that may potentially cause further damage to an infected system. Infection chain Arrival Vector The malware arrives to affected systems via an email attachment. When users execute the attached malicious JavaScript file, it will download four files from its C&C ...

    Just last month, there were reports that Google removed three apps from its Play Store as they were discovered to be adware in disguise. At the time of the discovery, the apps were said to have been downloaded into millions of devices, based on data from the app stores. However, these were not the only apps with similar behavior. During their investigation in early March, our researchers believe that there were over 2,000 apps with similar behavior on Google Play. However, this ...

    Posted in Malware, Mobile |

    It seems that cybercriminals have yet to tire of creating crypto-ransomware malware. Since the start of 2015, we have spotted several variants of crypto-ransomware plague the threat landscape. In January, the Australia-New Zealand region was beset by variants of TorrentLocker. But we soon discovered that TorrentLocker infections were not limited to that region; Turkey, Italy, and France were also affected by this malware. We soon came across an “improved” version of CTB-Locker Ransomware, which now offered a “free decryption” service, an extended ...

    Recently, we’ve come across an interesting spam campaign aimed at French users. The campaign itself uses a well-crafted lure that is likely to catch the attention of its would-be victims. In addition, the malware used - the GootKit backdoor - contains several unusual technical characteristics. Both of these highlight how this campaign was quite well thought-out on the part of the attackers. Spam: Using the French Ministry of Justice This campaign starts with email in French that uses varying subject lines: Copy du jugement (translated ...

    Posted in Malware, Spam | 1 TrackBack »

    The URSNIF malware family is primarily known for being a data-stealing  malware, but it's also known for acquiring a wide variety of behavior. Known URSNIF variants include backdoors (BKDR_URSNIF.SM), spyware (TSPY_URSNIF.YNJ), and file infectors (PE_URSNIF.A-O). December 2014: Rise in URSNIF infections brought about by file infection routines In December 2014 we discussed a rise in URSNIF infections, primarily in North America,  which were due to the addition of file infection to URSNIF's routines. The virus inserts the host file into its resource section, instead carrying out typical file ...

    Posted in Malware | 1 TrackBack »


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice