Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    October 2014
    S M T W T F S
    « Sep    
     1234
    567891011
    12131415161718
    19202122232425
    262728293031  
  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Archive for the ‘Vulnerabilities’ Category



    Sep26
    2:01 pm (UTC-7)   |    by

    One of the implications of the Bash Bug vulnerability also referred to as Shellshock is that cybercriminals and attackers can use it to launch DDoS attacks against enterprises and large organizations. True enough, there are reports already mentioning that there are botnet attacks against certain institutions which employed the vulnerability. A botnet is a network of infected computers/systems. Based on our investigation, the backdoor (which Trend Micro detects as ELF_BASHWOOP.A) launches the following commands: kill udp syn tcpamp dildos http mineloris In addition, it connects to the C&C server, ...



    Sep26
    1:21 am (UTC-7)   |    by

    In the immediate aftermath of the Bash vulnerability known as Shellshock, we have already seen some attacks using it to deliver DDoS malware onto Linux systems. However, given the severity of this vulnerability, it is almost certain that we will see bigger, severer attacks. What are some of the scenarios we could potentially see? Servers Web servers are currently at the highest risk of being exploited. CGI scripting is, at this time, the most reliable and best documented way of exploiting this vulnerability. As our earlier entry ...

    Posted in Exploits, Vulnerabilities |



    Just several hours after the news on the bash vulnerability (covered under CVE-2014-7169) broke out, it was reportedly being exploited in the wild already.  This vulnerability can allow execution of arbitrary code, thus compromising the security of systems. Some of the possible scenarios that attackers can do range from changing the contents of web server and website code to defacing the website to even stealing user data from databases, among others. We spotted samples which are the payload of the actual exploit ...




    A serious vulnerability has been found in the Bash command shell, which is commonly used by most Linux distributions. This vulnerability—designated as CVE-2014-7169—allows an attacker to run commands on an affected system. In short, this allows for remote code execution on servers that run these Linux distributions. What’s the bug (vulnerability)? The most popular shell on *nix environments has a serious flaw which can allow an attacker to run any arbitrary command over the network where it’s used behind the curtains. The most ...

    Posted in Vulnerabilities |



    Exploits are frequently used in targeted attacks to stealthily infect systems. These exploits do not have to target newly discovered or zero-day vulnerabilities; for example, CVE-2013-2551 (a vulnerability in Internet Explorer) is still being targeted in 2014. However, zero-day exploits are still a serious threat as these can catch all parties off-guard, including security vendors. Zero-days take advantage of this insecurity window to expose even diligent users and administrators to different threats. Research for Protection Our products contain technologies that help address these concerns. These include  browser ...

    Posted in Exploits, Vulnerabilities |


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice