Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    October 2014
    S M T W T F S
    « Sep    
     1234
    567891011
    12131415161718
    19202122232425
    262728293031  
  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Archive for the ‘Vulnerabilities’ Category




    Given the severity of the Bash vulnerability, also known as Shellshock, it is no wonder that we’re seeing a lot of attacks leveraging this. Just hours after this vulnerability was reported, malware payload such as ELF_BASHLITE.A emerged in the threat landscape. Other payload like PERL_SHELLBOT.WZ and ELF_BASHLET.A were also spotted in the wild, which have capabilities to execute commands, thus can compromise a system or a server. Apart from these malware payloads, DDoS attacks against well-known organizations have been reported. During the course ...

    Posted in Malware, Vulnerabilities |



    We have another update regarding Shellshock vulnerability. In a previous blog entry, we mentioned about a DDoS attack against institutions that depicted the gravity of the vulnerability's real-world impact. Based on our analysis, the backdoor that was used in this DDoS attack is somewhat related to the previous Shellshock exploits we have seen. It appears that the various payloads (PERL_SHELLBOT.WZ, ELF_BASHLITE.A, ELF_BASHLET.A) in the exploit code of the Shellshock vulnerability connect to several, yet common C&C servers. Analyzing these servers, we managed ...



    Sep26
    2:01 pm (UTC-7)   |    by

    One of the implications of the Bash Bug vulnerability also referred to as Shellshock is that cybercriminals and attackers can use it to launch DDoS attacks against enterprises and large organizations. True enough, there are reports already mentioning that there are botnet attacks against certain institutions which employed the vulnerability. A botnet is a network of infected computers/systems. Based on our investigation, the backdoor (which Trend Micro detects as ELF_BASHWOOP.A) launches the following commands: kill udp syn tcpamp dildos http mineloris In addition, it connects to the C&C server, ...



    Sep26
    1:21 am (UTC-7)   |    by

    In the immediate aftermath of the Bash vulnerability known as Shellshock, we have already seen some attacks using it to deliver DDoS malware onto Linux systems. However, given the severity of this vulnerability, it is almost certain that we will see bigger, severer attacks. What are some of the scenarios we could potentially see? Servers Web servers are currently at the highest risk of being exploited. CGI scripting is, at this time, the most reliable and best documented way of exploiting this vulnerability. As our earlier entry ...

    Posted in Exploits, Vulnerabilities |



    Just several hours after the news on the bash vulnerability (covered under CVE-2014-7169) broke out, it was reportedly being exploited in the wild already.  This vulnerability can allow execution of arbitrary code, thus compromising the security of systems. Some of the possible scenarios that attackers can do range from changing the contents of web server and website code to defacing the website to even stealing user data from databases, among others. We spotted samples which are the payload of the actual exploit ...



     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice