    TrendLabs Security Intelligence Blog

    Archive for the ‘Targeted Attacks’ Category

    The upcoming G20 Summit in St. Petersburg, Russia might have already spewed several messages aimed at both common users and specific groups. A recent email we saw is only the latest in these threats. The message is purportedly from the event's planning team and refers to a "pre-summit meeting". [Figure 1. Spammed message] The email arrives with a RAR attachment containing three files: one LNK file and two other binary files. Based on our analysis, the binary files are actually one file ...

    Sykipot is a malware family used as a backdoor that has been known since 2007 and continues to be active to this day. Recently, we have identified a new behavior from this old threat: it is now being used to gather intelligence about the civil aviation sector in the United States. Background: The Sykipot malware family has been in use since 2007, with associated command-and-control (C&C) servers registered as early as 2006. It serves as a backdoor that an attacker can use to ...

    Posted in Targeted Attacks | Comments Off

    Concern over ICS/SCADA security gained prominence due to high-profile attacks targeting these devices, most notably Flame and Stuxnet. However, we noted recent findings that prove that the interest in ICS/SCADA devices as attack platforms is far from waning. We've all read about how insecure ICS/SCADA devices are and how certain threat actors are targeting these systems. As proof, we noted numerous attempts aimed at the dummy ICS and SCADA devices we created during our initial research. The insights gathered from ...

    Posted in Targeted Attacks | Comments Off

    ONLINEG, a spyware family known to steal online gaming credentials, appears to be adding backdoors to its resume. We found a variant (specifically TSPY_ONLINEG.OMU) that, aside from the usual data theft routine, also downloads a backdoor onto the infected system, making it vulnerable to more damage. TSPY_ONLINEG.OMU was recently found on certain South Korean websites, which were compromised to host the malicious file. Based on our analysis, the spyware is possibly an updated version of an old variant detected as TSPY_ONLINEG.ASQ, ...

    Posted in Bad Sites, Malware, Targeted Attacks | Comments Off

    About a month ago, the Apache Software Foundation released Struts, an update to the popular Java Web application development framework. The patch was released because vulnerabilities in older versions of Struts could allow attackers to run arbitrary code on vulnerable servers. Since then, we've found that hackers in the Chinese underground have created an automated tool that exploits these problems in older versions of Struts. We first confirmed the existence of these tools on July 19; this was only three ...

    Posted in Exploits, Malware, Targeted Attacks, Vulnerabilities | Comments Off


    © Copyright 2013 Trend Micro Inc. All rights reserved.