Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    October 2014
    S M T W T F S
    « Sep    
     1234
    567891011
    12131415161718
    19202122232425
    262728293031  
  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Archive for the ‘Targeted Attacks’ Category




    Much has been reported about the recent discovery of a cyber-espionage campaign that was launched by a group known as the “Sandworm Team.” At the very heart of this incident—a zero-day vulnerability affecting all supported versions of Microsoft Windows and Windows Server 2008 and 2012. In our analysis, the vulnerability may allow attackers to execute another malware through a flaw in the OLE package manager in Microsoft Windows and Server. Early reports shared that the vulnerability was being exploited in targeted ...




    In our recently released report, Operation Pawn Storm, we talked about an operation that involved three attack scenarios. For this post, we will talk about the third scenario: phishing emails that redirect victims to fake Outlook Web Access login pages. What's most notable about this is that it is simple, effective, and can be easily replicated. Through one line of simple Javascript code, the millions of Outlook Web Access (OWA) users are placed at risk of becoming a victim of a clever but simple ...




    Despite the availability of fixes related to the Sandworm vulnerability (CVE-2014-4114), we are still seeing new attacks related to this flaw. These attacks contain a new routine that could prevent detection. A New Evasion Technique In our analysis of the vulnerability, we noted this detail: “…[T]he vulnerability exists in PACKAGER.DLL, which is a part of Windows Object Linking and Embedding (OLE) property. By using a crafted PowerPoint document, an .INF file in embedded OLE object can be copied from a remote SMB share ...




    Pawn Storm is an active economic and political cyber-espionage operation targeting a wide range of entities, mostly those related to the military, governments, and media. Specific targets include: Military agencies, embassies, and defense contractors in the US and its allies Opposition politicians and dissidents of the Russian government International media The national security department of a US ally The cyber criminals behind Operation Pawn Storm are using several different attack scenarios: spear-phishing emails with malicious Microsoft Office documents lead to SEDNIT/Sofacy malware, very selective exploits injected into legitimate websites that ...

    Posted in Malware, Targeted Attacks |



    Using cloud-based sharing sites is not a new routine for bad guys. Aside from providing free storage for their malicious files, these legitimate sites are used to evade security vendors and researchers. We have seen malware that have taken advantage of these sites, such as DropBox, Sendspace, and Evernote. We can now include Google Drive to the list of “abused” sites. We recently came across malware, detected as TSPY_DRIGO.A, that uses Google Drive as one way of siphoning information from its victims. Access ...

    Posted in Malware, Targeted Attacks |


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice