TrendLabs Malware Blog - Trend Micro

Recent cyber attacks on Google and other organizations have been widely covered by the media, owing much to the size and notability of the companies affected. What this incident really does, however, is bring to light the true complexity and sophistication of computer threats and show that any user or organization, large or small, can potentially be at risk.

Although these attacks were orchestrated to target certain groups or organizations, any computer can fall prey to them. Trend Micro strongly suggests that users keep their systems updated with the latest patches and apply the necessary workaround fixes for the Internet Explorer (IE) vulnerability described in this Microsoft Security Advisory page.

The string of attacks, which uses several vectors, appears to arrive primarily via malicious websites. Users with unprotected systems may unknowingly download a JavaScript malware detected by Trend Micro as JS_DLOADER.FIS. This specially crafted malware exploits a specific vulnerability in IE that causes the browser to mishandle objects in memory: an invalid pointer reference can still be accessed after the object it refers to has already been deleted, which allows remote code execution on all affected versions except IE 5.01. To address this issue, Microsoft advises its customers to run IE 7 in "Protected Mode" on Windows Vista and to enable "Data Execution Prevention (DEP)."
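The two workarounds Microsoft recommends above can be audited from the endpoint. The following PowerShell script is an added example, not code from the original post or from Trend Micro; it assumes the documented locations for these settings, namely the `DataExecutionPrevention_SupportPolicy` property of `Win32_OperatingSystem` for the system-wide DEP policy and the per-zone `2500` value under the current user's Internet Settings key for IE Protected Mode (zone 3 is the Internet zone). The function name `Test-IEWorkarounds` is the example's own.

```powershell
# Added example (not from the original post): audit the DEP and IE Protected Mode
# workarounds that the Microsoft advisory recommends for the IE vulnerability.
# Assumptions: Windows PowerShell 3.0 or later on the client being checked, run in
# the session of the user whose IE settings are of interest.

function Get-DepPolicy {
    # Documented values of Win32_OperatingSystem.DataExecutionPrevention_SupportPolicy:
    # 0 = AlwaysOff, 1 = AlwaysOn, 2 = OptIn (client default; only Windows binaries
    # and programs that opt in are covered), 3 = OptOut (all programs except exclusions).
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    switch ([int]$os.DataExecutionPrevention_SupportPolicy) {
        0       { 'AlwaysOff' }
        1       { 'AlwaysOn'  }
        2       { 'OptIn'     }
        3       { 'OptOut'    }
        default { 'Unknown'   }
    }
}

function Get-IEProtectedMode {
    # Internet zone (zone 3); value "2500": 0 = Protected Mode on, 3 = off.
    # A value set under HKLM ...\Policies\... by Group Policy overrides the HKCU one,
    # so the policy hive is checked first.
    $paths = @(
        'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
    )
    foreach ($p in $paths) {
        $item = Get-ItemProperty -Path $p -Name '2500' -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            switch ([int]$item.'2500') {
                0       { return 'Enabled'  }
                3       { return 'Disabled' }
                default { return "Unknown($($item.'2500'))" }
            }
        }
    }
    return 'NotSet'   # key absent: IE falls back to its default for this zone
}

function Test-IEWorkarounds {
    # Returns an object a script or SIEM collector can consume; a non-empty Findings
    # list means at least one of the advisory's workarounds is not in place.
    $dep = Get-DepPolicy
    $pm  = Get-IEProtectedMode
    $findings = @()
    if ($dep -in @('AlwaysOff', 'Unknown')) {
        $findings += "DEP policy is '$dep'; the advisory recommends enabling DEP."
    } elseif ($dep -eq 'OptIn') {
        # OptIn protects only programs that opt in; whether IE itself has opted in
        # is a per-application setting outside the scope of this check.
        $findings += "DEP policy is OptIn; verify that Internet Explorer has DEP enabled."
    }
    if ($pm -ne 'Enabled') {
        $findings += "IE Protected Mode for the Internet zone is '$pm'; the advisory recommends enabling it on Windows Vista."
    }
    [PSCustomObject]@{
        Computer         = $env:COMPUTERNAME
        DepPolicy        = $dep
        IEProtectedMode  = $pm
        Findings         = $findings
    }
}

Test-IEWorkarounds | Format-List
```

The `Findings` list is what a defender would forward to a ticketing or compliance system; an empty list means both documented workarounds are in effect, while a non-empty one names exactly which of the two is missing. Protected Mode is a Vista-and-later feature, so on Windows XP the `IEProtectedMode` result will normally be `NotSet` and the patch itself is the only effective fix.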

If the attack is not blocked, however, the JavaScript connects to a URL and downloads an encrypted malware detected as TROJ_HYDRAQ.SMA, also known as "Aurora." Once decrypted and executed on the system, this Trojan performs backdoor routines. It is capable of executing other files, terminating services and processes, and, more importantly, stealing information from the affected systems. The stolen data is then sent to a remote user for possible use in other malicious activities.

Although some reports claimed that the IE exploit also took advantage of vulnerabilities in Adobe Reader and Acrobat, Adobe states that there is no evidence that its products were used as vectors for the said attack. Adobe was, however, one of the organizations that suffered an attack similar to the one on Google. The Adobe vulnerabilities were found to be exploited by TROJ_PIDIEF.SHK, which in turn downloads TROJ_DLOAD.COB onto the affected systems.

Trend Micro™ Smart Protection Network™ protects users from these kinds of attack by preventing the download of all the detected malicious files and by blocking user access to malicious sites.

Trend Micro OfficeScan™ users with the Intrusion Defense Firewall (IDF) plug-in are also protected from this attack if their systems are updated with the IDF1003879 and IDF1003909 filters.

Additional text by Oscar Abendan, Carolyn Guevarra, and Elizabeth Bookman

© Copyright 2013 Trend Micro Inc. All rights reserved.